I used to force port 636 comm with my OpenSolaris clients and had my LDAP
slaves listen and handle both TLS and LDAPS.

Ian

On Fri, Mar 18, 2022 at 8:38 AM Schweiss, Chip <c...@innovates.com> wrote:

> I'm trying to join my OmniOS 038 systems to our AD so that UIDs and GIDs
> resolve and I can get around the NFS 16 group limit.
>
> The problem I'm having is that it appears the LDAP client in Illumos has
> no support for LDAPS which is now a requirement.
>
> From the ldapclient man page:
>
> CAUTION
>        Currently StartTLS is not supported by libldap.so.5, therefore the port
>        number provided refers to the port used during a TLS open, rather than
>        the port used as part of a StartTLS sequence. To avoid timeout delays,
>        mixed use of TLS and non-TLS authentication mechanisms is not
>        recommended.
>
>        For example:
>
>          -h foo:1000 -a authenticationMethod=tls:simple
>
>        ...or:
>
>          defaultServerList= foo:1000
>          authenticationMethod= tls:simple
>
>        The preceding refers to a raw TLS open on host foo port 1000, not an
>        open, StartTLS sequence on an unsecured port 1000. If port 1000 is
>        unsecured the connection will not be made.
>
>        As a second example, the following will incur a significant timeout
>        delay while attempting the connection to foo:636 with an unsecured
>        bind.
>
>          defaultServerList= foo:636 foo:389
>          authenticationMethod= simple
>
> Has anyone found a way to work around this?
>
> Thanks,
> -Chip


-- 
Ian Kaufman
Research Systems Administrator
UC San Diego, Jacobs School of Engineering ikaufman AT ucsd DOT edu
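
Added example, not part of the original messages or of illumos code: a small lint for ldapclient-style settings that flags the combinations the quoted man page caution describes. It assumes port 636 is a raw TLS listener and port 389 a plaintext one, and that multiple authentication methods are separated by semicolons; the function names and sample profiles are constructed for illustration.

```python
TLS_PORTS = {636}    # assumption: conventional LDAPS (raw TLS) port
PLAIN_PORTS = {389}  # assumption: conventional plaintext LDAP port


def parse_profile(text):
    """Parse 'name= value' lines (as shown in the man page) into a dict."""
    profile = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            profile[name.strip().lower()] = value.strip()
    return profile


def lint(text):
    """Return (target, problem) tuples for combinations the caution warns about."""
    profile = parse_profile(text)
    raw_methods = profile.get("authenticationmethod", "").split(";")
    methods = [m.strip().lower() for m in raw_methods if m.strip()]
    uses_tls = any(m.startswith("tls:") for m in methods)
    uses_plain = any(not m.startswith("tls:") for m in methods)
    findings = []
    if uses_tls and uses_plain:
        findings.append(("authenticationMethod", "mixed TLS and non-TLS methods"))
    for server in profile.get("defaultserverlist", "").split():
        host, sep, port = server.rpartition(":")
        if not sep or not port.isdigit():
            continue  # no explicit port given: nothing to check
        port = int(port)
        if uses_tls and port in PLAIN_PORTS:
            # The client does a raw TLS open and never attempts StartTLS.
            findings.append((server, "tls: method on plaintext port"))
        if uses_plain and port in TLS_PORTS:
            # An unsecured bind to a TLS listener stalls until it times out.
            findings.append((server, "non-TLS method on TLS port"))
    return findings


# Constructed samples: the first two mirror the man page examples.
RAW_TLS = "defaultServerList= foo:1000\nauthenticationMethod= tls:simple\n"
SLOW = "defaultServerList= foo:636 foo:389\nauthenticationMethod= simple\n"
BROKEN = "defaultServerList= dc1.example.test:389\nauthenticationMethod= tls:simple\n"

if __name__ == "__main__":
    for name, sample in (("RAW_TLS", RAW_TLS), ("SLOW", SLOW), ("BROKEN", BROKEN)):
        print(name, lint(sample))
```

A port outside the two assumed sets, such as the man page's `foo:1000`, is not flagged because the lint cannot tell how that listener is configured.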

------------------------------------------
illumos: illumos-discuss
Permalink: 
https://illumos.topicbox.com/groups/discuss/Tb99e88b61c690e04-Mc29e95b606d83d72ad2dbf6f