Mac OS X: SSL/TLS LDAP Connections from Address Book

If you attempt to connect Mac OS X’s Address Book to an LDAP server via SSL you’re in for a bit of a surprise. It is akin to Mac OS X’s haphazard support for SSL in Mail.app (SSL is hardcoded to work ONLY on port 993; if SSL is checked but a different port is selected, SSL will not be enabled)…

Well, this time around the error is less obvious, and easier to work around…

SSL services are generally “wrapped around” a protocol, so the encrypted variant needs its own separate port to operate. HTTPS and IMAPS are good examples of this. TLS, on the other hand, is generally a feature of the protocol itself and can be activated in the middle of a session on the same port. SMTP is a good example of this.

In spite of their similarities, TLS and SSL are not necessarily compatible, though a TLS client can fall back to SSLv3 in certain circumstances…

LDAP implementations generally provide plain LDAP on port 389 and SSL-wrapped LDAP (ldaps) on port 636. However, Apple’s Address Book doesn’t actually do SSL; it does TLS, which is interwoven into the LDAP protocol and happens on port 389.

So, to securely use your LDAP server, you should select the “SSL” checkbox, but then override the port to 389.
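What the “SSL” checkbox on port 389 actually triggers is the LDAP StartTLS extended operation: the client sends an ExtendedRequest carrying the StartTLS OID (1.3.6.1.4.1.1466.20037, from RFC 4511/4513) over the cleartext LDAP port, and only a success ExtendedResponse means the TLS handshake follows on the same socket. The following is an added example, not code from the original post or from Apple: it hand-encodes that request and parses a server reply using minimal BER, with both a constructed success reply and a constructed refusal, so it runs offline. The helper names and the sample replies are my own.

```python
"""
Encode the LDAP StartTLS ExtendedRequest (RFC 4511 section 4.14) and parse the
server's ExtendedResponse with hand-rolled BER, so the exchange that sits
behind "SSL on port 389" can be inspected without a directory server.
Added illustration; not code from the original post or from Apple.
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS OID from RFC 4511/4513

# BER tags used below (all fit in a single tag byte)
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_ENUMERATED = 0x0A
TAG_OCTET_STRING = 0x04
TAG_EXTENDED_REQ = 0x77    # [APPLICATION 23], constructed
TAG_EXTENDED_RESP = 0x78   # [APPLICATION 24], constructed
TAG_REQUEST_NAME = 0x80    # [0] context-specific, primitive
TAG_RESPONSE_NAME = 0x8A   # [10] context-specific, primitive

# LDAP result codes relevant to this exchange (RFC 4511 appendix A)
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError",
                53: "unwillingToPerform"}


def ber_length(n):
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Tag-length-value wrapper for one BER element."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value):
    """Minimal two's-complement encoding (enough for message IDs and result codes)."""
    return value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)


def build_starttls_request(message_id):
    """LDAPMessage { messageID, extendedReq { requestName = StartTLS OID } }."""
    ext = tlv(TAG_EXTENDED_REQ, tlv(TAG_REQUEST_NAME, STARTTLS_OID.encode("ascii")))
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, ber_integer(message_id)) + ext)


def build_starttls_response(message_id, result_code, diagnostic="", with_name=True):
    """Constructed server reply: LDAPResult fields, then optional responseName [10]."""
    body = (tlv(TAG_ENUMERATED, ber_integer(result_code))
            + tlv(TAG_OCTET_STRING, b"")                       # matchedDN, empty
            + tlv(TAG_OCTET_STRING, diagnostic.encode("utf-8")))
    if with_name:
        body += tlv(TAG_RESPONSE_NAME, STARTTLS_OID.encode("ascii"))
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, ber_integer(message_id))
               + tlv(TAG_EXTENDED_RESP, body))


def parse_tlv(data, offset):
    """Return (tag, content, next_offset) for the BER element at offset."""
    tag, first, pos = data[offset], data[offset + 1], offset + 2
    if first < 0x80:
        length = first
    else:                                   # long form: 0x8n then n length bytes
        nbytes = first & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(data):
        raise ValueError("truncated BER element")
    return tag, data[pos:pos + length], pos + length


def parse_extended_response(packet):
    """Decode a StartTLS ExtendedResponse into its security-relevant fields."""
    tag, msg, _ = parse_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, off = parse_tlv(msg, 0)
    tag, resp, _ = parse_tlv(msg, off)
    if tag != TAG_EXTENDED_RESP:
        raise ValueError("not an ExtendedResponse")
    _, code, p = parse_tlv(resp, 0)         # resultCode ENUMERATED
    _, _matched_dn, p = parse_tlv(resp, p)  # matchedDN
    _, diag, p = parse_tlv(resp, p)         # diagnosticMessage
    name = None
    while p < len(resp):                    # optional trailing fields
        tag, val, p = parse_tlv(resp, p)
        if tag == TAG_RESPONSE_NAME:
            name = val.decode("ascii")
    result_code = int.from_bytes(code, "big", signed=True)
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": result_code,
            "result": RESULT_NAMES.get(result_code, "other"),
            "diagnostic": diag.decode("utf-8"),
            "response_name": name}


def tls_may_proceed(packet):
    """Only resultCode 0 means the next bytes on the socket are a TLS handshake.
    Anything else leaves the connection in cleartext, so a client must abort
    rather than keep talking LDAP without protection."""
    return parse_extended_response(packet)["result_code"] == 0


if __name__ == "__main__":
    req = build_starttls_request(1)
    print("client ->", req.hex())
    ok = build_starttls_response(1, 0)                          # constructed reply
    print("server <-", ok.hex(), parse_extended_response(ok))
    refused = build_starttls_response(1, 53, "TLS not available", with_name=False)
    print("server <-", refused.hex(), parse_extended_response(refused))
    print("proceed?", tls_may_proceed(ok), tls_may_proceed(refused))
```

The practical check this gives you: if you capture the first packets of an Address Book connection on port 389 and the client's first message is the 31-byte StartTLS request above, the “SSL” checkbox is doing its job; if the server answers with anything other than resultCode 0, no encryption is in place and the client should drop the connection rather than continue.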

Screenshot...
