--On Thursday, July 07, 2005 9:32 PM +0100 Brian Candler
<[EMAIL PROTECTED]> wrote:
And what's more, when I run snoop on the master, this is how things start up:
tear -> manetheren LDAP C port=56534
manetheren -> tear LDAP R port=56534
tear -> manetheren LDAP C port=56534
tear -> manetheren LDAP C port=56534 Search Request neverDerefAliases
manetheren -> tear LDAP R port=56534
manetheren -> tear LDAP R port=56534 Search ResEntry
manetheren -> tear LDAP R port=56534 Search ResDone Success
tear -> manetheren LDAP C port=56534
tear -> manetheren LDAP C port=56534
tear -> manetheren LDAP C port=56534 Unbind Request
tear -> manetheren LDAP C port=56534
manetheren -> tear LDAP R port=56534
manetheren -> tear LDAP R port=56534
manetheren -> tear LDAP R port=56534
tear -> manetheren LDAP C port=56534
tear -> manetheren TCP D=636 S=56535 Syn Seq=840837329 Len=0 Win=49640 Options=<mss 1460,nop,nop,sackOK> [..]

Interesting to me is that at no point is port 383 contacted.

Why 383? LDAP is 389.

Solaris snoop is being stupid. A TCP connection has *two* port numbers -
one for each end. e.g. [1.2.3.4:3456] <=> [5.6.7.8:389] is a TCP
connection between IP address 1.2.3.4 port 3456 and IP address 5.6.7.8
port 389.

It is only showing you one of those.

So why do I need to have ldap:/// going ???

Because your LDAP client only supports standard LDAP, or because you
haven't told it to use TLS. Sorry, I don't know this actual software
you're using. All I can give you is clues to work it out. e.g. read the
docs and find a setting which says "use TLS for LDAP connections" (if it
supports it at all)

Which is why about 5 messages ago I suggested reading the man page for
ldapclient, which is what is supposed to create and configure the file in
question that is getting edited, and it has a section on TLS.

--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html