LDAP-Connector with LDAPS (Port 636)

Hello everybody,
I have read some answers, but not the right one in my opinion.
I want to connect the LDAP-Connector (T-Code: LDAP) to an LDAP server (OpenDS) over LDAPS (port 636).
But I have read some Notes (456666 and 517755) which describe that it's not possible to connect to an LDAP server over LDAPS when the host system is Linux-based. Is that true?
And one solution is to take the ldap_rfc.exe on a Windows-based system and use this; is this also right? And if it is right, how can I do this?
The connection to the OpenDS LDAP server over port 389 (LDAP) works fine, as does synchronisation of attributes.
Maybe other solutions exist for my very big problem.
Sorry for my bad English.
Regards, Rene

Hello René,
SAP note 456666 is correct. Maintaining the LDAP (LDAPS) connection to the directory service is the task of the LDAP client library, which is not provided by SAP, but by the OS vendor of the system where the LDAP connector is located.
Only the OS vendor can help on the task of configuring LDAPS with their implementation of the LDAP client library.
If you intend to use Windows, then yes, it should work: see the "Solution" section of note 456666.
You can also refer:
I hope this helps.
All the best,
Cristiano

Similar Messages

  • Does WLC 5508 Support LDAPS - Port 636

    We have 2 5508 WLC's and @ 35 AirCap Radios.
    We're running latest S/W release 8.0.110.
    We presently use LDAP to authenticate to the wireless.
    We would like to move to LDAPS on port 636.
    Configuration Guide says you can select other port numbers for LDAP but
    only port 389 is supported.
    Is this true?
    I read some old posts that said on releases years ago LDAPS and port 636 was supported.

    Config guide says below & it is default to 389. It does not say only 389 supported.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101110.html
    "If you are adding a new server, enter the LDAP server’s TCP port number in the Port Number text box. The valid range is 1 to 65535, and the default value is 389."
    Anyway give it a try & see
    Rasika

  • Error in people search when connecting through ldaps port

    Hello,
    I am getting the following error when doing a Windows people search through the LDAPS port (636).
    The specified directory service could not be reached.
    The service may be temporarily unavailable or the server name may be incorrect.
    It is working fine when I am connecting through the LDAP port.
    Could anyone help me in this regard?
    -mala

    Just setting the port in the console does not enable SSL. Do you have a certificate installed on that instance? If so, does your ldap client have that certificate (or its CA certificate) as a trusted cert? If not, you may need to run certutil to create/update the client certificate database.

  • Anyone have SAP GRC CUP LDAP connector using port 636 SSL working?

    Hello,
    I wanted to verify if anybody connects to an eDirectory (or any other) LDAP in CUP using SSL port 636?
    Statement I received from SAP is that this is not supported in CUP, and only non SSL connections to LDAP work. I just have trouble to believe this as SSL would be best practice in any company.

    Pados,
      By using STUNNEL, CUP will not know about SSL. CUP will always think it is a regular connection but stunnel will send SSL connection to LDAP. Here is the link:
    http://www.stunnel.org/
    Regards,
    Alpesh
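
A sketch of the stunnel wrapper described in the reply above, as an added example that is not part of the original thread. The section names, the host name `ldap.example.com`, local port 3389 and the CA file path are assumptions. The commented-out service shows the weak form, which encrypts but accepts any certificate, beside the form that verifies the directory server.

```ini
; stunnel client-mode configuration (added example, placeholder values).
; The LDAP client (for example CUP) is pointed at 127.0.0.1:3389 as a
; plain LDAP server; stunnel carries the traffic to the directory over TLS.

; --- Weak: TLS without peer verification -------------------------------
; With no verification options stunnel does not check the server
; certificate, so the link is encrypted but anyone who can intercept
; the connection can impersonate the directory and collect bind passwords.
;
; [ldaps-unverified]
; client  = yes
; accept  = 127.0.0.1:3389
; connect = ldap.example.com:636

; --- Hardened: verify chain and host name ------------------------------
[ldaps]
client = yes
; Listen on loopback only, so the clear-text hop never leaves the host.
accept = 127.0.0.1:3389
connect = ldap.example.com:636
; CA certificate (PEM) that issued the directory server's certificate.
CAfile = /etc/stunnel/ldap-ca.pem
; Reject the connection unless the chain validates against CAfile.
verifyChain = yes
; Reject the connection unless the certificate names this host.
checkHost = ldap.example.com
```

Any local process can reach the loopback listener, so the clear-text side is only as trustworthy as the host running stunnel.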

  • Running only LDAPS on 636?

    Hello all,
    I managed to configure DS5.2 to run TLS/SSL on 636 ... with certificates and all that... it works :D
    but my LDAP server is still up and running on the normal port 389
    how can I configure it to stop listening on this port and listen only on that secure connection on port 636?
    maybe one way is to set the nsslapd-localhost to localhost and then it will listen only locally, but I don't want that... I just want to shut down the 389 port,
    is it possible?
    how can I do that?
    thanks

    I found some info on this ... even if it's old, I'm 90% sure nothing has changed regarding the native LDAP client
    Even if Directory Server is SSL configured, anyway non-secure port also MUST be open, moreover it MUST be default (389), otherwise ldap_cachemgr(1M) during its startup will be just keep querying 389 port (which is closed) for some time and eventually ends up with "maintenance" mode, of course ...
    well, after reading this I wasn't too eager to try it out, so I kept digging and found out in [Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide |http://docs.sun.com/app/docs/doc/819-0995/6n3cq3aqu?a=view]
    To Disable the LDAP Clear Port you can use DSCC to perform this task.
    1. Disable the LDAP clear port.
    To disable the non secure point, you must bind to the LDAP secure port. This example shows a bind to the default LDAP secure port, 636, on the host server host1.
    $ dsconf set-server-prop -h host1 -P 636 ldap-port:disabled
    2. Restart the server for the change to take effect.
    $ dsadm restart /local/ds
    You can now no longer bind on the non secure port 389.
    well ... as I believe in the power of Administration guides, I began to test the steps described above
    I ran the command
    $dsconf set-server-prop -h test.machine.com -P 636 ldap-port:disabled
    Enter "cn=Directory Manager" password:
    Directory Server must be restarted for changes to take effect.
    I was thinking ... oh goodie, it works :D
    but then ... when trying to restart
    @:/root !ksh dsadm restart <DS instance dir>
    Directory Server instance "<DS instance dir>" stopped
    [09/Jul/2008:10:02:04 +0300] - INFORMATION - Startup - conn=-1 op=-1 msgId=-1 - Non-Secure Port Disabled, server only contactable via secure port
    Failed to start Directory Server instance "<DS instance dir>"
    ns-slapd wrote the following lines in the error log (<DS instance dir>/logs/errors):
    ##[09/Jul/2008:10:02:04 +0300] - INFORMATION - Startup - conn=-1 op=-1 msgId=-1 - Non-Secure Port Disabled, server only contactable via secure port
    ##[09/Jul/2008:10:02:04 +0300] - INFORMATION - Startup - conn=-1 op=-1 msgId=-1 - Non-Secure Port Disabled, server only contactable via secure port
    ##[09/Jul/2008:10:02:05 +0300] - Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 (64-bit) starting up
    ##[09/Jul/2008:10:02:05 +0300] - ERROR<4612> - Startup - conn=-1 op=-1 msgId=-1 - Unable to start slapd because it is already running as process 8455
    ##[09/Jul/2008:10:02:05 +0300] - ERROR<12302> - Bootstrap config - conn=-1 op=-1 msgId=-1 - System error Shutting down due to possible conflicts with other slapd processes
    that was not good ... hmmm
    @:/root !ksh svcs -a|grep ldap/server
    shows me that the ldap/server is still running ... hmmm
    @:/root !ksh svcadm disable -s ldap/server
    @:/root !ksh svcadm enable -s ldap/server
    @:/root !ksh netstat -an|grep 389
    shows nothing listening on 389 ... yey it works
    @:/root !ksh cat <DS instance dir>/config/dse.ldif |grep "port: "
    nsslapd-secureport: 636
    nsslapd-port: 0
    so basically it's the same method ... set the nsslapd-port to 0 in the dse.ldif file
    now because I didn't know any other way to make the ldap/client re-read the conf file and connect only on port 636, even if I didn't make any changes to the configuration file of the client ... I restarted the client
    @:/root !ksh svcadm disable -s ldap/client
    @:/root !ksh svcadm enable -s ldap/client
    svcadm: Instance "svc:/network/ldap/client:default" is in maintenance state.
    so it seems that indeed the ldap/client doesn't know how to connect to 636, only to 389 ... nice :(
    the new question now is:
    did Sun resolve the ldap client problem, which has been known since 2006? and is the native ldap client able to bind to 636?
    I also used the command
    pkill -HUP ldap_cachemgr
    which generated some errors in the logs of the client
    Wed Jul  9 11:28:21.4829        Error: Unable to refresh profile:tls_profile:LDAP ERROR (81): Error occurred during receiving results. This may be due to a stalled connection.
    Wed Jul  9 11:28:21.4829        Error: Unable to update from profile
    Wed Jul  9 11:45:11.2709        Error: Unable to refresh profile:tls_profile:Session error no available conn.
    Wed Jul  9 11:45:11.2709        Error: Unable to update from profile
    another thought, if I disable the 389 port then all the ACIs in the dse.ldif file which refer to ldap:///... won't work... or am I mistaken here?
    maybe that's why the proxy agent can't access the tls_profile and get the needed info to start the ldap_cachemgr
    some input would be useful before I begin to do a sed and replace all my ACIs which contain ldap:/// with ldaps:///
    I have also found that there is a project for [OpenSolaris named Duckwater|http://opensolaris.org/os/project/duckwater/duckwater_phase0/]
    Duckwater Phase 0 - May 2008
    We are currently planning to start code-review process for the first phase of Duckwater project which will, among other things, deliver the LDAP naming tools standalone functionality
    also in some documentation material [Native LDAP standalone tools (Duckwater)|http://opensolaris.org/os/community/arc/caselog/2008/256/onepager/] I found that
    The timer is set to expire on April 18, 2008.  The requested release binding is 'patch'.
    so when will Solaris 10 sparc have a patch that will solve the ldap_cachemgr bug?
    hmmm
    also I didn't find any workaround... yet

  • Disabling LDAP / OD / Changing LDAP port

    I thought this was simple and would be no problem but I seem to be struggling.
    I have a 3rd-party LDAP service running on a Mac mini server with 10.6.2 and I want to run it on port 389. The service won't start as another app (OS X) is using it.
    So I thought, no problem, I'll find the LDAP and change the port. So I opened Directory Services and changed it there with no results. Maybe OD is using it, so I changed that to SSL using Server Admin. That actually worked, because then the Secure LDAP on my third-party application shut down, but normal LDAP was still blocked.
    So can I somehow shut down or change the LDAP port 389 on OS X?
    Thanks

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
    1. The OD master must have a static IP address on the local network, not a dynamic address.
    2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. On the Accessing your Server sheet, change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
    3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
    4. Follow these instructions to rebuild the Kerberos configuration on the master.
    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
    7. Reboot the master and the clients.
    8. Don't log in to the server with a network user's account.
    9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UID's are in the 1001+ range.

  • When Change LDAP Port , Have to Rebuild?

    I need to change LDAP port(389-> 1389)
    - Admin port : 390 -> 1390
    - 3 Master Replication
    - Sun Java System Directory Server Enterprise Edition 5.2 SP6
    Sure, I need to remove the existing Replication Agreements and create new Replication Agreements.
    Then, do I have to rebuild all LDAP databases? (3 Master)
    Thanks
    Edited by: 861866 on May 27, 2011 1:33 AM

    DISCLAIMER: this procedure is neither somewhere documented, nor officially supported, that's why you must consider all I'll write afterwards just as pure speculation.
    SUPPOSE that you can afford to cleanly shut down all the servers in the topology at the same time, after backing up each of the dse.ldif configuration files, you could change the port references in the dse.ldif files for:
    1. nsslapd-port
    2. nsslapd-referral(s)
    3. for each replication agreement:
    3.1 DN
    3.2 CN
    3.3 nsDS5ReplicaPort
    3.4 nsds50ruv(s)
    If you intend to change also the admin/config DS instance, before restarting the admin server/console, remember to update the attribute nsslapd-pluginarg0 under dn: cn=Pass Through Authentication,cn=plugins,cn=config in the dse.ldif files of the instances and also refer to the docs:
    http://download.oracle.com/docs/cd/E19850-01/816-6704-10/admin_config.html
    before restarting the instances.
    HTH,
    marco

  • [OIM 11g R1] OID 11.1.1.5.0 Connector with OpenLDAP: Errors in logs

    I am using the Oracle Internet Directory 11.1.1.5.0 connector with OpenLDAP as my target system.
    Every time I run the "LDAP Connector User search Reconciliation", I see the following error for each user.
    <Feb 21, 2013 3:54:57 PM EST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.RECON.SEARCHRECONTASK> <BEA-000000> <oracle.iam.connectors.icfcommon.recon.SearchReconTask : handle : Recon event skipped>
    The reconciliation events do get generated in OIM and the reconciliation engine does link the account when a user match is found.
    I am wondering what is causing that error to be thrown and whether if performance of the LDAP reconciliation is affected by this error.

    Any updates? I am facing the same problem.
    thanks in advance

  • Ssocfg fails - unable to establish secure connection to OID on port 636

    Infrastructure tier on 10g Application Server was installed without the fully qualified hostname. The fix includes running the ssocfg.sh in $<infrastructure_home>/sso/bin. However, when I run the ssocfg.sh script I get an exception saying: "Repository Access API throws exception :oracle.ias.repository.schema.SchemaException: Unable to establish secure connection to Oracle Internet Directory Server ldap://<hostname>:636
    When I execute ldapbind on port 636 I get a timed out error.
    Any ideas on where to look for a fix?

    Please post your problems in more details. What is the error message you are getting?
    Please mark the post as solution if it solves your problem.
    Current Device - Nokia Lumia 1020/920

  • Connecting Cinema Display with mini display port to macbook pro with thunderbolt port

    I am trying to connect a 27" cinema display (2010) that has a mini display port cable out of the back, into my macbook pro (2013) with thunderbolt ports.  The mini display port cord fits into the thunderbolt port on the Macbook Pro, however the macbook pro does not detect the cinema display and the cinema display does not have any picture on the screen.  The USB plugs in fine and sound comes out, and I have the adapter for the magsafe to magsafe 2 and that works fine, it just the actual display.  Any help would be appreciated!
    Thanks!

    Hello mmholt,
    Welcome to Apple Support Communities.
    It sounds like there’s no video on an Apple Cinema Display that’s connected to your MacBook Pro, and you’re wondering if the configuration is supported. It is supported, take a look at the article linked below for more information.
    Thunderbolt ports and displays: Frequently asked questions (FAQ) - Apple Support
    1. Can I connect a Mini DisplayPort monitor or monitor using a Mini DisplayPort adapter to a Thunderbolt port on my Thunderbolt-equipped Mac?
    Yes. A Mini DisplayPort display or a display connecting with a Mini DisplayPort to VGA, DVI, or HDMI adapter will work just like it was connecting to a Mini DisplayPort connector when plugging in directly to the Thunderbolt connector on your Apple computer. Click here for more information on Mini DisplayPort connections and adapters.
    Also, this article provides a lot of great information and troubleshooting tips that will resolve most issues related to video external displays.
    Apple computers: Troubleshooting issues with video on internal or external displays - Apple Support
    So long,
    -Jason

  • IPhone 4 frozen with screen image of usb connector with arrow to iTunes logo.  iTunes doesn't recognize my iPhone message says in recovery mode must restore.  Try to restore and get - 1 error.  What do I do now??

    iPhone 4 frozen with screen image of usb connector with arrow to iTunes logo.  iTunes doesn't recognize my iPhone message says in recovery mode must restore.  Try to restore and get - 1 error.  What do I do now??

    Hi there beee19,
    You may find the troubleshooting steps in the article below helpful.
    Resolve specific iTunes update and restore errors
    http://support.apple.com/kb/ts3694
    Check USB connections
    Related errors: 13, 14, 1600, 1601, 1602, 1603, 1604, 1611, 1643-1650, 2000, 2001, 2002, 2005, 2006, 2009, 4000, 4005, 4013, 4014, 4016, “invalid response,” and being prompted to restore again after a restore completes.
    If there’s an issue with the USB port, cable, dock, or hub, or if the device becomes disconnected during restore, try troubleshooting the USB connection, then troubleshooting your security software.
    To narrow down the issue, you can also change up your hardware:
    Use another USB cable.
    Plug your cable into a different USB port on your computer.
    Try a different dock connector (or no dock).
    Add (or remove) a USB hub between your device and computer.
    Connect your computer directly to your Internet source, with no routers, hubs, or switches.
    If you checked your connections and are still seeing the error message, check for hardware issues.
    -Griff W. 

  • How can i connect  apple hd cinema display 30-inch DVI to my new notebook with HDMI port

    I have asked this question in the local shop but they could not answer me - how can I connect an Apple HD Cinema Display 30-inch DVI to my new notebook with an HDMI port?

    I wasn't sure how the whole thing would work, but it seems Thunderbolt also acts like a Mini DisplayPort. That's sweet. I can now happily continue using my 30 inch Apple display.
    Thanks.

  • How to connect MacBook Pro 17" Mountain Lion with HDMI port on TV, Panasonic TC-P55ST50

    Any experience with cables for connecting MacBook Pro 17" Mountain Lion with HDMI port on TV, Panasonic TC-P55ST50 (or similar)?

    It depends upon the model (age) of your MBP.  If you have a Thunderbolt or minidisplay port, then you will need a minidisplay/HDMI adapter.
    eshop.macsales.com/item/NewerTech/CBLMDPHDMI/
    Or you can get an all in one:
    http://www.amazon.com/Cable-Matters-Premium-DisplayPort-Thunderbolt/dp/B004CADYDO/ref=sr_1_3?s=electronics&ie=UTF8&qid=1361985588&sr=1-3&keywords=minidisplay+hdmi
    If you have an older mac with a DVI port, you will need something like this:
    http://www.amazon.com/DVI-HDMI-Cable-6ft-Male-Male/dp/B0002CZHN6
    Note that audio is supported via HDMI for MBPs 2010 and later.  Earlier ones require tapping the audio output port.
    Ciao.

  • How to connect the macbook with thunderbolt display 27" to TV with RGB port?

    Hi,
    I have the following equipments in hands:
    1. Macbook PRO 15 inch with 1 thunderbolt port, OS is Mavericks 10.9.2
    2. Apple Thunderbolt display 27" identical to this : http://www.apple.com/displays/
    3. A Samsung TV with RGB port, & HDMI port.
    I want all these displays (MacBook, Apple Thunderbolt display & the Samsung TV) connected at the same time. I tried to connect them using a Mini DisplayPort adapter to the RGB port & HDMI port on the TV, but it didn't work.
    Please help!
    Thank you.

    The Thunderbolt dock adds extra ports:
    HDMI (up to 2560x1600 with the Elgato, 1920 x 1200 with the CalDigit)
    3 USB 3
    Ethernet
    Audio in
    Audio out
    You could also use a Belkin Thunderbolt dock.
    <http://www.belkin.com/us/p/P-F4U055/>
    It includes a FireWire port, but no HDMI port, so would need a Mini DisplayPort to HDMI adapter (1920 x 1200 max) for the TV.  This would use the second Thunderbolt port, so the Belkin dock has to be used with the port on the back of the Thunderbolt display, not between the computer and display.
    If you don't need the extra ports, use a Thunderbolt hard drive (with two Thunderbolt ports)
    <http://www.seagate.com/external-hard-drives/desktop-hard-drives/backup-plus-desk-mac-thunderbolt/>
    This can be your Time Machine drive.  Connect the Thunderbolt display to the computer, one port of the drive to the port on the back of the display, and a Mini DisplayPort to HDMI adapter to the second Thunderbolt port on the drive.
    You will have three displays with differing resolutions, so mirroring is not going to fill each screen at full resolution.

  • Anyone else having trouble connecting MBP with thunderbolt port (TBp) and 27"iMac with mini display port (MDp)

    I have a 27" Imac.i7 with mini displayport and MBP13 i5 with thunderbolt port. Some time ago I tried to connect my old MBP with miniDP  to The 27"iMac I Failed so did the apple centre they refunded cable costs and said I'd be contacted by Cupertino. That was 9 months ago, now replaced MBP with 13 inch(**** I can use my iMac as display!). Does not work phoned Fast Lane very helpful guy called JIM emailed me some software/firmware update links.  Still no display linking. One of the links was for a couple of updates for a TBp equiped 27" iMac mine is only MDp equiped. Failing to find any MDp updates in apple support.  Anyone have any Ideas!  My lad has a later 27"i5 he uses Xbox 360 no problem on his but it wont look at my MBP.
    Beginning to feel like some of the kit that went with a fully loaded 5500 worked eventually. Computer and FM radio, Photography kit fine, video capture audio capture forget it.  Too many crashes and resets made it impractical. 

    Check discussion from  Linc Davis  on this thread
    Problems with Preview
    Similarly preview hangs opening files
