Bruno Steven <[email protected]> writes:

> Hi,
>
> I am trying to configure openldap to work with tls, but I have two questions about
> this. First, when I use tls, does openldap use port 389 and ssl port 639? Is this correct?
> Second, how can I test the connection between client and server, that cryptography is
> working?

There is no ssl port! SSL (Secure Socket Layer) is a proprietary, licence-based protocol, owned by Netscape? I don't know whether the IPR of this protocol has been part of the Netscape/AOL deal.

OpenLDAP, and most other network-based applications, have implemented Transport Layer Security (TLS), RFC 2246. As an LPI-certified professional you should be aware of this.

OpenLDAP uses port 639, which has not been assigned by IANA to the LDAP(S) protocol, as the TLS-enabled port. Port 389 is still required for the LDAP extended operation startTLS (RFC 4513).

You may test your TLS session with:

openssl s_client -connect localhost:639 -CAfile <file>

Unfortunately openssl is not able to initiate a ldap_starttls session on port 389.

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N 10°08'02,42"E
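An added example, not part of the thread, of what a client-side check of both paths discussed in the reply can look like: `openssl s_client` against the TLS-wrapped port with its verification result parsed, and `ldapsearch -ZZ` from the OpenLDAP client tools against the plain port to exercise StartTLS (newer OpenSSL releases, 1.1.1 onward, also accept `-starttls ldap`). Host, port and CA file are placeholders supplied by the caller; the LDAPS default of 636 is the IANA-registered port, and the sample s_client output in the comments is constructed.

```shell
#!/bin/sh
# Added example; assumes the caller supplies an LDAP host, port and CA bundle,
# and that openssl and the OpenLDAP client tools (ldapsearch) are installed.

# Read openssl s_client output on stdin and print "ok" when the server
# certificate chain verified (code 0); otherwise print the failure reason.
# A handshake that never completed prints no "Verify return code" line at all.
tls_verdict() {
    awk '/^ *Verify return code:/ {
             sub(/^ *Verify return code: */, "");
             if ($1 == "0") print "ok"; else print "fail: " $0;
             found = 1
         }
         END { if (!found) print "fail: no verification result (handshake did not complete?)" }'
}

# Probe the TLS-wrapped port (ldaps; 636 is the IANA-registered port, pass the
# port your server actually listens on as the second argument) and verify the
# server certificate against the given CA bundle. Constructed sample output:
#     Verify return code: 0 (ok)                -> prints "ok"
#     Verify return code: 19 (self signed ...)  -> prints "fail: 19 (self signed ...)"
check_ldaps() {
    host=$1; port=${2:-636}; cafile=$3
    openssl s_client -connect "$host:$port" -servername "$host" -CAfile "$cafile" \
        </dev/null 2>/dev/null | tls_verdict
}

# StartTLS on the plain LDAP port: -ZZ makes ldapsearch abort unless StartTLS
# succeeds, and LDAPTLS_CACERT points the client at the CA bundle so the
# server certificate must verify as well (a rootDSE read is enough as the probe).
check_starttls() {
    host=$1; port=${2:-389}; cafile=$3
    if LDAPTLS_CACERT=$cafile ldapsearch -H "ldap://$host:$port" -ZZ -x \
            -b '' -s base '(objectClass=*)' namingContexts >/dev/null 2>&1; then
        echo ok
    else
        echo "fail: StartTLS on $host:$port refused or certificate not verified"
    fi
}
```

Run as `check_ldaps ldap.example.org 636 /path/to/ca.pem` and `check_starttls ldap.example.org 389 /path/to/ca.pem`; anything other than `ok` on either path means the encrypted session is not actually established end to end.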
