Wed. 13.03.2024 at 15:46 (+0100), Marco Moock wrote:
> > That message is empty.
> oops, I am sorry, thank you for letting me know.

denis wrote:
> Executed the following command:
> ldapwhoami -ZZ -H ldap://dnsservername -D "CN=xxxxx,CN=Users,DC=xxxxxxx,DC=xxx" -W
> and I got the proper reply, which indicates that the AD is accepting
> connections on the LDAPS port and the CA was properly imported.

Not really: in this mode, ldapwhoami uses port 389 and sends STARTTLS to
upgrade to encrypted communication. You need to use the URI scheme
ldaps:// to connect to the LDAPS port, 636.

Marco wrote:
> I can appreciate that because of security and privacy issues when not
> using encryption.

Well, in both cases encryption is used. There is however a shift from the
old IETF "use only one port for a protocol" to a mode where SSL is
established before the protocol itself. The reason for this is
complexities in the state machine, which have caused security problems in
the past. This can also happen on the sysadmin level, where
misconfiguration may allow authentication even before STARTTLS has been
successful, which means the password is sniffable.

An example of such a port migration is IMAP, where port 143 is not so
popular anymore compared to IMAPS, 993.

-- 
kind regards,
Kjetil T.

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1c604a219c5fa805-M0ea0a49c102e61e71cf7c8d2
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
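The two connection modes the reply distinguishes, as an added example that is not code from the thread's authors or from the Cyrus project: on ldaps:// (636) the TLS handshake happens before the first LDAP byte, while on ldap:// (389) the client sends the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037, encoded per RFC 4511) and must refuse to bind if the server does not answer with resultCode success, which is what `ldapwhoami -ZZ` enforces. The BER helpers, `secure_channel`, `FakeTransport` and `demo` are this example's own names; the in-memory transport is constructed so it runs offline.

```python
"""Implicit TLS (ldaps://, 636) versus StartTLS (ldap://, 389) in an LDAP client.

Added example for the thread above; not code from its authors or from Cyrus.
The StartTLS extended operation is encoded as in RFC 4511; the transport
interface (send / recv / wrap_tls) and all function names are this example's.
"""
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511 s. 4.14
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value, short-form length only (every PDU here is < 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form BER lengths are out of scope for this example")
    return bytes([tag, len(body)]) + body


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the short-form TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER lengths are out of scope for this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def starttls_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))  # 0x77 = [APPLICATION 23], constructed
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)


def extended_response(msg_id: int, result_code: int) -> bytes:
    """Server side: ExtendedResponse [APPLICATION 24] echoing the StartTLS OID."""
    result = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x78, result + tlv(0x8A, STARTTLS_OID)))


def parse_extended_response(pdu: bytes):
    """Return (messageID, resultCode) from an ExtendedResponse; raise on anything else."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("messageID missing")
    tag, ext, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, rc, _ = read_tlv(ext)
    if tag != 0x0A:
        raise ValueError("resultCode missing")
    return int.from_bytes(msg_id, "big"), int.from_bytes(rc, "big")


def secure_channel(uri: str, transport, require_starttls: bool = True) -> dict:
    """Bring the connection to an encrypted state before any bind is attempted.

    ldaps://  TLS handshake first, then LDAP (the one-port model from the reply).
    ldap://   cleartext LDAP upgraded with StartTLS; with require_starttls (the
              -ZZ behaviour) a refused StartTLS aborts instead of binding in clear.
    """
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    if parts.scheme == "ldaps":
        transport.wrap_tls()
        return {"port": port, "mode": "ldaps", "encrypted": True}
    if not require_starttls:  # the sniffable configuration the reply warns about
        return {"port": port, "mode": "cleartext", "encrypted": False}
    transport.send(starttls_request(1))
    msg_id, rc = parse_extended_response(transport.recv())
    if msg_id != 1 or rc != 0:
        raise RuntimeError(f"StartTLS refused (resultCode={rc}); not binding in cleartext")
    transport.wrap_tls()
    return {"port": port, "mode": "starttls", "encrypted": True}


class FakeTransport:
    """In-memory stand-in for a socket (constructed for this example; no network)."""
    def __init__(self, accept_starttls: bool = True):
        self.accept_starttls = accept_starttls
        self.events = []  # order of "send"/"tls" shows whether anything went out before TLS

    def send(self, data: bytes) -> None:
        self.events.append("send")

    def recv(self) -> bytes:
        # resultCode 0 = success; 52 = unavailable (a server that will not StartTLS)
        return extended_response(1, 0 if self.accept_starttls else 52)

    def wrap_tls(self) -> None:
        self.events.append("tls")


def demo() -> dict:
    """Run the three cases against fakes; returns (state, event log) per case."""
    out = {}
    t = FakeTransport()
    out["ldaps"] = (secure_channel("ldaps://dc.example.test", t), t.events)
    t = FakeTransport()
    out["starttls"] = (secure_channel("ldap://dc.example.test", t), t.events)
    t = FakeTransport(accept_starttls=False)
    try:
        secure_channel("ldap://dc.example.test", t)
        out["refused"] = ("bound in cleartext", t.events)
    except RuntimeError as exc:
        out["refused"] = (str(exc), t.events)
    return out


if __name__ == "__main__":
    for name, (state, events) in demo().items():
        print(f"{name:9} {events} -> {state}")
```

Against a real server the transport would wrap the socket with `ssl.create_default_context().wrap_socket(sock, server_hostname=host)`, which is where the imported CA from the original question is actually checked; the event log in the fake is the thing to look at, since a "send" that carries a bind before "tls" is exactly the misconfiguration the reply describes.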