Mac OS X: SSL/TLS LDAP Connections from Address Book

If you attempt to connect Mac OS X’s Address Book to an LDAP server via SSL, you’re in for a bit of a surprise. Akin to Mac OS X’s haphazard support for SSL in (SSL is hardcoded to ONLY work on port 993; if SSL is checked but a different port is selected, SSL will not be enabled)…

Well, this time around the error is less obvious, and easier to work around…

SSL services are generally “wrapped around” a protocol, which means the secured service needs its own separate port. HTTPS and IMAPS are good examples of this. TLS, on the other hand, is generally a feature of the protocol itself and can be activated in the middle of a session. SMTP is a good example of this.

In spite of their similarities, TLS and SSL are not necessarily compatible, though TLS can transform itself into SSLv3 in certain circumstances…

LDAP implementations generally provide LDAP on port 389 and SSL LDAP (ldaps) on port 636. However, Apple Address Book doesn’t actually do SSL; it does TLS, which is interwoven into the LDAP protocol and can happen on port 389.

So, to securely use your LDAP server, you should select the “SSL” checkbox, but then override the port to 389.
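
What the in-session upgrade on port 389 looks like on the wire, as an added example that is not part of the original post: the client sends the LDAP StartTLS extended request in plaintext, checks for a success result, and only then starts the TLS handshake (on 636 the handshake would come first). The function names are hypothetical and the BER handling assumes short-form lengths and a single `recv`, which is enough for these small messages.

```python
import socket
import ssl

# OID of the LDAP StartTLS extended operation (RFC 4511)
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def _tlv(tag, value):
    # BER tag-length-value, short-form length only (assumption: value < 128 bytes)
    if len(value) > 127:
        raise ValueError("long-form BER length not handled here")
    return bytes([tag, len(value)]) + value

def _read(buf, pos):
    # Return (tag, value, next_pos) for the TLV starting at pos
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form BER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated BER element")
    return buf[pos], buf[pos + 2:end], end

def starttls_request(msg_id=1):
    # LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }
    op = _tlv(0x77, _tlv(0x80, STARTTLS_OID))
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + op)

def parse_extended_response(data):
    # Return (messageID, resultCode); resultCode 0 means the server will start TLS
    tag, msg, _ = _read(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read(msg, pos)
    if tag != 0x78:  # ExtendedResponse [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = _read(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")

def starttls_upgrade(host, port=389, timeout=5):
    # Plaintext LDAP first, then upgrade the same socket; returns the TLS version
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(starttls_request(1))
        _, code = parse_extended_response(raw.recv(4096))
        if code != 0:
            raise ConnectionError(f"server refused StartTLS, resultCode={code}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

If `starttls_upgrade` raises because the result code is non-zero, the server on 389 does not offer the upgrade, and a client that continued anyway would be speaking LDAP in the clear.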


3 thoughts on “Mac OS X: SSL/TLS LDAP Connections from Address Book”

  1. Good day! I could have sworn I’ve been to this website before but after reading through some of the post I realized it’s new to me.

    Anyhow, I’m definitely glad I found it and I’ll be bookmarking and checking back frequently!

  2. This way, you’re way to benefaction a accumulation of views upon singular craving perspective of report that you can get opposite a accumulation of directories instantaneously pibldy a secured card is a useful one for people that have a bad history and a bad credit score.

  3. Full disk encryption is encryption in the hard disk level. This software performs by automatically converting data on a hard drive into a form that can not be comprehended by everybody who doesn’t have the essential to “undo” the conversion. Without the correct authentication essential, even when the difficult hard drive is taken away and used in a different machine, the data remains inaccessible.
