Error trying to use LDAP Authentication using TLS (port 636)

tuliolazarini

Hello everyone,
I've being using standard LDAP authentication over a Microsoft domain, via port 389. It works flawlessly. Now we're moving to a more secure approach, enabling TLS and authenticating on port 636. So I've put ':636' in the end of all server names, and enabled the TLS, as shown in the image below:

Now I'm receiving the error message "Could not connect to xxxxxxx.com.br:636:389: Unable to bind to server xxxxxxx.com.br:636"
I've tested ports 389 and 636 and both are available through firewall, so there are no connectivity issues.
Any help would be much appreciated.

tuliolazarini

In order to test LDAP connectivity and make sure it is working fine, I've tested the following command on my CentOS server where OSTicket is running:
ldapsearch -x -D "CN=userID,OU=USERS,OU=WLON01 London,OU=England,OU=Europe Africa and Middle East,DC=level5,DC=level4,DC=level3,DC=com,DC=br" -W -H ldaps://nononono.nonono.nonono.com.br:636 -b "OU=England,OU=Europe Africa and Middle East,DC=level5,DC=level4,DC=level3,DC=com,DC=br" -s sub 'cn=userID
After typing the correct password, the query succeeded. Grateful in advance for any hint.

tuliolazarini

I'm afraid I've found a solution myself: specifying ldaps:// before the hostname and adding :636 at the end of server name, and disabling the TLS option allowed me to authenticate users. In fact, I was confusing two different concepts: using LDAPS over SSL - which is my current scenario, and using LDAP over TLS, which is not. So if you're experiencing issues regarding LDAPS, try using a fully qualified server name (starting with ldaps:// and ending with :636) and unchecking TLS, hope also works for you.