[sudo-users] LDAPS + sudo + AIX 7.1

Todd C. Miller Todd.Miller at courtesan.com
Thu Aug 22 08:19:33 MDT 2013


On Thu, 22 Aug 2013 07:43:03 -0500, ace man wrote:

> With the correct password I get "Failed to connect to ssl server"
> It looks like "ssl start_tls" is trying to connect via port 389 even though I
> have "PORT 636" set in ldap.conf.
> This is no good since I use port 636 for SSL/TLS.

There are two ways to do encrypted LDAP.  You can do ldaps on port
636 where the connection is encrypted from the beginning.  Or you
can use start_tls which uses port 389 and then negotiates TLS.
These days, start_tls is the standard way to do encrypted LDAP.

 - todd
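
The mode and port pairing described in the reply above, as an added example that is not part of the original message or of sudo itself: a small Python check that reads sudo-style ldap.conf text and flags a TLS mode that does not match its port. The function names, sample configurations and the host ldap.example.com are constructed for illustration, and only the URI, PORT and SSL keywords are examined.

```python
from urllib.parse import urlsplit

def parse_ldap_conf(text):
    """Return {keyword: value} with lower-cased keywords; '#' starts a comment.
    Simplification: a repeated keyword keeps only its last value."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts[parts[0].lower()] = parts[1].strip()
    return opts

def check_tls_mode(text):
    """Return a list of findings about the TLS mode / port pairing."""
    opts = parse_ldap_conf(text)
    ssl = opts.get("ssl", "off").lower()
    uri = urlsplit(opts["uri"].split()[0]) if "uri" in opts else None
    start_tls = ssl == "start_tls"
    ldaps = ssl in ("on", "true", "yes") or (uri is not None and uri.scheme == "ldaps")
    # Effective port: explicit port in the URI, then PORT, then the mode's default.
    if uri is not None and uri.port:
        port = uri.port
    elif "port" in opts:
        port = int(opts["port"])
    else:
        port = 636 if ldaps else 389
    findings = []
    if start_tls and ldaps:
        findings.append("start_tls and ldaps are both requested; pick one mode")
    if start_tls and port == 636:
        findings.append("start_tls on port 636: start_tls negotiates TLS on port 389")
    if ldaps and not start_tls and port == 389:
        findings.append("ldaps on port 389: ldaps is encrypted from the beginning on port 636")
    if not start_tls and not ldaps:
        findings.append("no TLS mode set: the connection is not encrypted")
    return findings

# Constructed sample configurations (ldap.example.com is a placeholder host).
MISMATCH = "HOST ldap.example.com\nPORT 636\nssl start_tls\n"
LDAPS = "URI ldaps://ldap.example.com:636\n"
STARTTLS = "URI ldap://ldap.example.com\nSSL start_tls\n"
PLAIN = "URI ldap://ldap.example.com   # no SSL keyword\n"

if __name__ == "__main__":
    for name, conf in [("mismatch", MISMATCH), ("ldaps", LDAPS),
                       ("start_tls", STARTTLS), ("plain", PLAIN)]:
        print(name, check_tls_mode(conf) or "ok")
```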

