[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS + SSL and openldap

To: openldap-technical@openldap.org
Subject: Re: TLS + SSL and openldap
From: Bjørn Ruberg <bjorn@ruberg.no>
Date: Thu, 10 Dec 2009 07:41:36 +0100
Cc: Dieter Kluenter <dieter@dkluenter.de>
In-reply-to: <87iqcfgbzf.fsf@rubin.avci.de>
References: <c6bf33680912082236g4561f90cu5f92066af8afd68a@mail.gmail.com> <87iqcfgbzf.fsf@rubin.avci.de>
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Dieter Kluenter wrote:

Bruno Steven <aspenbr@gmail.com> writes:

Hi,
I am trying configure openldap work with tls , but I have two question about this, first
when I use tls openldap use port 389 and ssl port 639 , is this correct ?Second How I can test connection between client and server, cryptography is working ?


There is no ssl port! SSL (Secure Socket Layer) is a proprietary,
licence based protocol, owned by Netscape? I don't know whether the
IPR of this protocol have been part of the Netscape/AOL deal. OpenLDAP,
and most other network based applications, have implemented Transport
Layer Security (TLS), RFC 2246. As a LPI certified professional you
should be aware of this.


[citation needed]

OpenLDAP uses port 639, which has not been assigned by IANA to LDAP(S)
protocol, as TLS-enabled port. Port 389 is still required for the LDAP
extended operation startTLS (RFC-4513).


# getent services ldaps
ldaps                 636/tcp

In my experience, OpenLDAP has no problems listening to port 636 as anSSL enabled port. TLS (using STARTTLS) runs on 389.


-
Bjørn

References:
- TLS + SSL and openldap
  - From: Bruno Steven <aspenbr@gmail.com>
- Re: TLS + SSL and openldap
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: OpenLDAP as a proxy/rewrite/remap to AD for nss_ldap
Next by Date: Re: TLS + SSL and openldap
Index(es):
- Chronological
- Thread