
s3d2y (s3d2y) asked a question.
The issue we’re having is with the Okta LDAP Interface. We can connect to it on port 389, using ldapsearch on a macOS computer, and everything works as expected. However, connecting on port 636 (which Okta says is preferable) doesn’t work. My study suggests that we may need to import an Okta cert to make this work right? authentication.
Again, my laptop with ldapsearch can browse the Okta LDAP Interface on port 389 perfectly! But on port 636, ldapsearch gives this error: ldap_result: Can't contact LDAP server (-1).
Any help you can provide would be much appreciated! Thanks!
Randy

Hello, I downloaded ldapadmin. On connect it gets the cert; install it on the Mac and you're good.
I tried that. Ldap admin connects on 636 after downloading the cert. However, after installing that cert in my macOS system certs and trusting it, I still cannot connect on port 636 with the command line ldapsearch tool.
Can anyone tell me why Okta recommends LDAPS on 636? Is port 389 with StartTLS considered less secure by Okta?
I did further research and it appears that there is disagreement on whether LDAPS on 636 is any better than port 389 with StartTLS. Some sources say that LDAPS on 636 is deprecated and should not be used, and that port 389 with StartTLS should be used exclusively.
Thoughts?
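
Added example (not part of the thread, and not Okta's code): the wire-level difference between the two options discussed above. With LDAPS on 636 the TLS handshake starts right after the TCP connect, while on 389 the client first sends the StartTLS extended request in cleartext and then acts on the server's reply. The function names and the sample responses are constructed for illustration; `require_tls` mirrors the difference between `ldapsearch -Z` and `ldapsearch -ZZ`.

```python
# Added illustration: all bytes are constructed here, no server is contacted.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with short-form length (enough for these messages)."""
    if len(value) > 127:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def starttls_request(msg_id: int = 1) -> bytes:
    """The LDAPMessage a client sends in cleartext on 389 to ask for TLS."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))  # [APPLICATION 23] ExtendedRequest
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def starttls_result(response: bytes) -> int:
    """Extract resultCode from the server's ExtendedResponse."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)             # skip messageID
    tag, ext, _ = read_tlv(msg, pos)
    if tag != 0x78:                          # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(ext, 0)
    if tag != 0x0A:                          # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def next_step(response: bytes, require_tls: bool) -> str:
    """Client policy after the StartTLS reply (require_tls mirrors ldapsearch -ZZ)."""
    if starttls_result(response) == 0:
        return "tls_handshake"
    return "abort" if require_tls else "continue_cleartext"

def sample_response(result_code: int) -> bytes:
    """Constructed ExtendedResponse: resultCode, empty matchedDN and diagnosticMessage."""
    body = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, body))
```

A client that does not require the upgrade falls back to cleartext when the server answers with a non-zero result code, so StartTLS on 389 only matches LDAPS on 636 when the client treats a failed upgrade as fatal.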