At 09:51 PM 1/21/2007, S Kalyanasundaram wrote:
While ldap:// uses 389 by default and ldaps:// uses 636 by default, one can actually use ldap:// or ldaps:// on any port.
So the port is independent of the connection type?
Yes, ldap://server:636 and ldaps://server:389 are syntactically valid URLs. Of course, they are only valid in use if the server was actually and quite oddly configured to accept ldap:// on 636 and ldaps:// on 389.
Clear text authentication as well as a secured connection can be made on both ports (389, 636)?
Given the above, and oddly configured clients (and possibly servers), asking about what ports support is confusing.
The point I was trying to make is that configuring a client to use port 636 doesn't necessarily cause it to use ldaps:// instead.
Then what is the port being used for?
Ports, and host addresses, are used to distinguish endpoints in a TCP stream. That is, server:389 and server:636 are different endpoints. Neither server:389 nor server:636 indicates which protocol (or protocol variant) is to be used (or is used).
I assumed 389 is the clear text one and 636 is the encrypted (ssl/tls) one.
389 is the default port for ldap://. 636 is the default port for ldaps://.
However, assuming all communication is on default ports is, well, a bad assumption. This thread started with what appears to be a client using ldap:// on 636, as if the following had been done:

    ldapsearch -H ldap://server:636
-- Kurt
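
An added example, not part of the original message: a small audit of client LDAP URIs that resolves the effective port from the scheme and flags cases like `ldap://server:636`, where the port suggests LDAPS but the scheme does not request it. The function names and the sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Default ports as stated in the message above.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def classify(uri):
    """Return (scheme, host, effective_port, finding) for one LDAP URI.

    ldaps:// means TLS is negotiated before any LDAP traffic; ldap:// does
    not. The port only selects the TCP endpoint.
    """
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an ldap:// or ldaps:// URI: {uri!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORTS[scheme]:
        finding = "ok: default port for scheme"
    elif port == DEFAULT_PORTS[other]:
        finding = f"mismatch: {scheme}:// on the default {other}:// port"
    else:
        finding = "note: non-default port, transport decided by scheme only"
    return scheme, parts.hostname, port, finding


def audit(uris):
    """Classify every URI and return only those that need a second look."""
    results = [(u, *classify(u)) for u in uris]
    return [r for r in results if not r[4].startswith("ok")]


# Constructed sample values, e.g. collected from client configuration files.
SAMPLE_URIS = [
    "ldap://server",
    "ldaps://server",
    "ldap://server:636",   # the case from the thread
    "ldaps://server:389",
    "ldaps://server:10636",
]

if __name__ == "__main__":
    for uri, scheme, host, port, finding in audit(SAMPLE_URIS):
        print(f"{uri:24} -> {scheme} to {host}:{port}  [{finding}]")
```

A "mismatch" finding is not proof of misconfiguration, since a server can be set up to accept either variant on any port; it marks the entries where someone likely assumed the port selects the protocol.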