On Thu, Jul 07, 2005 at 11:40:12AM -0400, James Craig wrote:
> if I set up the ldap server to also listen on port 383, and change the
> line
>
> NS_LDAP_SERVERS= 129.21.36.128
>
> It works.
>
> From what I am getting from this, is that the solaris ldap client wants
> to communicate on an unencrypted channel and establish encryption from
> that.
>
> What I think I need to figure out (and help is always appreciated) is
> how to get the solaris ldap client to communicate with the openldap
> server on port 636 without having to go through TLS negotiation.

Port 636 is reserved for ldaps (LDAP over TLS). It would be pretty silly to run a non-TLS LDAP server on port 636.

Your three options are:

- LDAP on port 389, unencrypted (no TLS)
- LDAP on port 389, TLS encrypted using the 'starttls' extension (RFC2830); that is, the connection starts unencrypted and then a request is sent to upgrade the connection to TLS.
- LDAPS on port 636, TLS is negotiated immediately on connection

At the moment your client thinks it is talking LDAP without TLS, and your server is trying to negotiate TLS immediately.
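
The mismatch described in the reply above can be seen at the byte level. The following is an added example, not part of the original message: it builds the first message a client sends under each of the three options and checks it against what each kind of listener expects. The function names and the sample ClientHello bytes are constructed for illustration.

```python
# Added example (not from the original thread): which first bytes does each
# side put on the wire for the three options listed above?
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

def tlv(tag, value):
    """BER tag-length-value; short-form length is enough for these messages."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def ldap_message(msg_id, protocol_op):
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + protocol_op)

def starttls_request(msg_id=1):
    # ExtendedRequest is [APPLICATION 23]; requestName is context tag [0].
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def anonymous_bind(msg_id=1):
    # BindRequest [APPLICATION 0]: version 3, empty DN, empty simple password.
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b""))
    return ldap_message(msg_id, op)

def classify(first_bytes):
    """Guess what a peer is speaking from the first bytes it sends."""
    if first_bytes[:2] == b"\x16\x03":        # TLS record: handshake, version 3.x
        return "tls"
    if first_bytes[:1] == b"\x30":            # BER SEQUENCE: an LDAPMessage
        return "ldap-starttls" if STARTTLS_OID in first_bytes else "ldap"
    return "unknown"

def diagnose(client_first, listener):
    """listener is 'ldap' (port 389 style) or 'ldaps' (port 636 style)."""
    spoken = classify(client_first)
    if listener == "ldaps":
        return "ok" if spoken == "tls" else "mismatch: listener expects a TLS ClientHello, got " + spoken
    if listener == "ldap":
        return "ok" if spoken.startswith("ldap") else "mismatch: listener expects an LDAPMessage, got " + spoken
    raise ValueError("listener must be 'ldap' or 'ldaps'")

# Constructed sample: the start of a TLS ClientHello record (header bytes only).
SAMPLE_CLIENT_HELLO = bytes.fromhex("1603010200010001fc0303")

if __name__ == "__main__":
    for name, data in [("plain bind", anonymous_bind()),
                       ("starttls", starttls_request()),
                       ("ldaps", SAMPLE_CLIENT_HELLO)]:
        for listener in ("ldap", "ldaps"):
            print(f"{name:10} -> {listener:5}: {diagnose(data, listener)}")
```

The "plain bind" against an "ldaps" listener row is the situation the reply describes: the client opens with an LDAPMessage while the server is waiting for a TLS handshake.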