[EMAIL PROTECTED] writes:
> I have a running ldap with TLS support. I have checked the
> certificate at port 636 with the openssl command and it is
> working well. Now in my php-ldap-admin I have also set the
> port at 636 but it can't bind with the ldap now.
> I have checked the log and it shows *TLS negotiation
> failure*

My guess: You are trying to speak the LDAP protocol to port 636.  Don't.
Either use StartTLS against port 389 (with the LDAP protocol and
maybe an 'ldap:' URL), or use an 'ldaps:' URL against port 636.

Port 389 expects the LDAP protocol, and StartTLS is an LDAP operation
sent over this protocol which makes the connection switch to TLS.

Port 636 expects the TLS protocol and LDAP inside that - i.e. the
'ldaps' protocol, as if StartTLS had already been sent.

A client should deduce the default port number from the protocol (ldap
or ldaps), not the protocol from the port number.

-- 
Regards,
Hallvard
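
The difference between the two ports described in the reply above, shown as bytes on the wire. This is an added example, not part of the original message: the host name `ldap.example.com` is constructed, and the function names are illustrative. It builds the StartTLS extended request a client sends over plain LDAP and shows why a listener that expects a TLS handshake record rejects it.

```python
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"    # LDAP StartTLS extended operation (RFC 4511)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # the port follows from the scheme

def starttls_request(msgid=1):
    """BER-encode the LDAP ExtendedRequest asking the server to switch to TLS.
    Short-form lengths only, so msgid must fit in one byte (< 128)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msgid]) + op                    # messageID INTEGER
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage SEQUENCE

def wire_protocol(first_bytes):
    """Classify a connection by the first bytes the client sends."""
    if first_bytes[:1] == b"\x30":
        return "ldap"   # BER SEQUENCE: a plain LDAPMessage
    if first_bytes[:2] == b"\x16\x03":
        return "tls"    # TLS handshake record (ClientHello)
    return "unknown"

def plan(url):
    """Return (host, port, protocol the client speaks first) for an LDAP URL."""
    u = urlsplit(url)
    if u.scheme not in DEFAULT_PORT:
        raise ValueError("not an LDAP URL: " + url)
    first = "tls" if u.scheme == "ldaps" else "ldap"
    return u.hostname, u.port or DEFAULT_PORT[u.scheme], first

def diagnose(url, listener_expects):
    """Compare what the client will send first with what the listener expects."""
    host, port, first = plan(url)
    if first == listener_expects:
        return "ok"
    return f"mismatch: client speaks {first} first, {host}:{port} expects {listener_expects}"

if __name__ == "__main__":
    print(starttls_request().hex())
    # An 'ldap:' URL pointed at the ldaps port: LDAP bytes reach a TLS listener.
    print(diagnose("ldap://ldap.example.com:636", "tls"))
    print(diagnose("ldaps://ldap.example.com", "tls"))
```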
