At 09:51 PM 1/21/2007, S Kalyanasundaram wrote:
>> While ldap:// uses 389 by default and ldaps:// uses 636 by default,
>> one can actually use ldap:// or ldaps:// on any port.
>
>So the port is independent of the connection type?

Yes, ldap://server:636 and ldaps://server:389 are syntactically valid URLs. Of course, they are only valid in use if the server was actually and quite oddly configured to accept ldap:// on 636 and ldaps:// on 389.

>The clear text authentication and as well as secured connection can be made on
>both the ports (389,636) ?

Given the above, and oddly configured clients (and possibly servers), asking about what ports support is confusing. The point I was trying to make is that configuring a client to use port 636 doesn't necessarily cause it to use ldaps:// instead.

>Then what for the port is being used?

Ports, and host addresses, are used to distinguish endpoints in a TCP stream. That is, server:389 and server:636 are different endpoints. Neither server:389 nor server:636 indicates which protocol (or protocol variant) is to be used (or is used).

>I assumed 389 is clear text and 636 is encrypted(ssl/tls) one.

389 is the default port for ldap://. 636 is the default port for ldaps://. However, assuming all communication is on default ports is, well, a bad assumption. This thread started with what appears to be a client using ldap:// on 636, like if the following had been done:

  ldapsearch -H ldap://server:636

-- Kurt
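The scheme/port independence described in the message above, as an added example that is not part of the original post: it derives TLS-first behaviour from the URL scheme only and compares the first bytes such a client would send against what the listener on that port expects. The function names, the constructed sample bytes and the `listeners` map (port to "expects TLS first") are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed sample bytes: what each kind of client sends first.
TLS_CLIENT_HELLO_START = bytes.fromhex("16030100c801")  # TLS handshake record header
LDAP_ANON_BIND = bytes.fromhex("300c020101600702010304008000")  # BER LDAPMessage, BindRequest


def parse_ldap_url(url):
    """Return (host, port, tls_first); the scheme, not the port, selects TLS."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORT[scheme]
    return parts.hostname, port, scheme == "ldaps"


def classify_first_bytes(data):
    """Classify the first bytes received on a freshly accepted connection."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"   # handshake record, protocol major version 3
    if data[:1] == b"\x30":
        return "ldap"  # BER SEQUENCE tag opening an LDAPMessage
    return "unknown"


def diagnose(url, listeners):
    """listeners maps port -> True if that listener expects TLS first (assumed config)."""
    host, port, tls_first = parse_ldap_url(url)
    if port not in listeners:
        return "no listener"
    sent = classify_first_bytes(TLS_CLIENT_HELLO_START if tls_first else LDAP_ANON_BIND)
    expected = "tls" if listeners[port] else "ldap"
    if sent == expected:
        return "ok"
    return f"mismatch: client sends {sent}, listener expects {expected}"


if __name__ == "__main__":
    conventional = {389: False, 636: True}  # assumed: default-style server setup
    for u in ("ldap://server", "ldaps://server", "ldap://server:636", "ldaps://server:389"):
        print(u, "->", diagnose(u, conventional))
```

The same `classify_first_bytes` check can be applied on the server side to the first bytes of a failed connection to tell a plain-LDAP client on a TLS listener from other handshake failures.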
