iPhone and LDAP with SSL

1866 Views 3 Replies Latest reply: Mar 21, 2013 11:37 AM by mikyg
diverseft
Jan 7, 2013 1:54 AM

Hi all

 

I am having a really annoying problem with my work iPhones where I am trying to do LDAP queries over SSL to Server 2008 Active Directory to get contact information. The problem is that plain LDAP works fine using the iPhone LDAP client. The issue arises when turning on SSL. I have ensured that my Active Directory server can receive LDAP SSL requests and it definitely works fine (self-signed certificate). As soon as I turn SSL on, the connection fails. I have seen multiple threads on this issue without any resolution that I can find:

 

https://discussions.apple.com/thread/2812226?start=0&tstart=0

https://discussions.apple.com/thread/2559644?start=0&tstart=0

 

 

As a last resort, I have found an app called LDAPeople. I have tested this with LDAP SSL and this works no problem so it is definitely a problem with the native iPhone LDAP tool. Can anyone shed any light on this? I believe it might be something to do with self-signed certificates but not 100% sure. Has anyone managed to get around this problem at all or can give me any advice?

 

Many Thanks

 

T

OS X Mountain Lion (10.8.2)
  • mikyg
    Mar 21, 2013 11:37 AM (in response to diverseft)

    Hello,

     

    Sorry, but what you say is wrong. I use a self-signed certificate with my own CA and it works.

     

    Last summer (September/October), I worked on this topic, to get my iPhone to connect to my LDAP server with encryption.

    Turning on the SSL option switched the connection to port 636/tcp.

    I used iOS 5

     

    Yesterday I decided to restart my LDAP server (I'm a geek, sorry, it's just a personal LDAP server) and had a hard time this morning debugging it. Tcpdump showed no sign of packets, although the LDAP connection without SSL worked. I was thinking it was a NAT problem, but no.

    The flow goes to port 389/tcp in both cases and uses STARTTLS with SSL enabled. I have iOS 6.1.2.

     

    So, to me, how LDAP with SSL works depends on your firmware version. You probably expected the flow to arrive on port 636/tcp whereas it arrived on port 389/tcp and got dropped by your firewall.

     

    I always read (on my iPhone) what the new features are before upgrading my iOS firmware version, and I don't remember reading that they would change the LDAP SSL behavior.

     

    The iPhone is even more confusing because it says something like "Use SSL" (I translate it from French).

    LDAP over SSL uses port 636/tcp, so this was correct in iOS 5; now that it's using port 389/tcp it should be written "Use TLS"! So it's Apple misleading the users in their configuration.

     

    Happy day =)
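
The two behaviours described in the reply above (TLS from the first byte on 636/tcp versus a StartTLS upgrade on 389/tcp) can be told apart from the first client payload in a packet capture. This is an added example, not code from the thread: the function names and sample bytes are constructed, and the StartTLS OID is the one defined in RFC 4511.

```python
# Added example: classify the first client payload seen on an LDAP connection.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name, RFC 4511 sec. 4.14.1

def read_tlv(buf, i):
    """Return (tag, value, next_index) for the BER element starting at buf[i]."""
    tag, length = buf[i], buf[i + 1]
    i += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    if i + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[i:i + length], i + length

def build_starttls_request(msg_id=1):
    """Encode LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS } }."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + op                 # INTEGER messageID
    return bytes([0x30, len(body)]) + body                  # SEQUENCE

def classify_first_payload(payload):
    """Return 'implicit-tls', 'starttls', 'cleartext-ldap', 'empty' or 'unknown'."""
    if not payload:
        return "empty"
    if payload[0] == 0x16 and payload[1:2] == b"\x03":
        return "implicit-tls"      # TLS handshake record first: LDAPS (ldaps://)
    if payload[0] != 0x30:
        return "unknown"
    try:
        _, msg, _ = read_tlv(payload, 0)     # LDAPMessage SEQUENCE
        _, _, j = read_tlv(msg, 0)           # messageID
        op_tag, op, _ = read_tlv(msg, j)     # protocolOp
        if op_tag == 0x77:                   # ExtendedRequest
            name_tag, name, _ = read_tlv(op, 0)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "starttls"  # TLS negotiated inside the plain LDAP port
    except (IndexError, ValueError):
        return "unknown"
    return "cleartext-ldap"

# Constructed sample payloads (not captured from any real device).
TLS_CLIENT_HELLO_START = bytes.fromhex("16030100050100000100")
ANONYMOUS_BIND = bytes.fromhex("300c020101600702010304008000")

if __name__ == "__main__":
    for label, data in [("TLS record", TLS_CLIENT_HELLO_START),
                        ("StartTLS request", build_starttls_request()),
                        ("anonymous bind", ANONYMOUS_BIND)]:
        print(f"{label:18} -> {classify_first_payload(data)}")
```

Feed it the first client-to-server payload of each TCP stream; a `cleartext-ldap` result while the client's SSL switch is on means the first operation was sent without TLS protection.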
