Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: diverseft
diverseft Author
User level: Level 1
0 points

Iphone and LDAP with SSL

Hi all


I am having a really annoying problem with my work iPhones where I am trying to do LDAP queries over SSL to Server 2008 Active Directory to get contact information. The problem is that plain LDAP works fine using the iPhone LDAP client. The issue arrises when turning on SSL. I have ensured that my Active Directory server can receive LDAP SSL requests and it definitly works fine (self-signed certificate). As soon as I turn SSL on, the connection fails. I have seen multiple threads on this issue without any resoultion that I can find:


https://discussions.apple.com/thread/2812226?start=0&tstart=0

https://discussions.apple.com/thread/2559644?start=0&tstart=0



As a last resort, I have found an app called LDAPeople. I have tested this with LDAP SSL and this works no problem so it is definitly a problem with the native iPhone LDAP tool. Can anyone shed any light on this. I believe it might be something to do with self-signed certificates but not 100% sure. Has anyone managed to get around this problem at all or can give me any advice?


Many Thanks


T

OS X Mountain Lion (10.8.2)

Posted on Jan 7, 2013 1:54 AM

Reply
3 replies
User profile for user: diverseft
diverseft Author
User level: Level 1
0 points

Jan 18, 2013 2:43 AM in response to diverseft

OK. Finally got this working. Here is what I did:


1. IOS doesn’t support self-signed certificates so got a cert from GoDaddy

2. Imported that into my CA

3. Created a sub domain (ldaps.domain.co.uk) pointing to the public IP address of my server with Active Directory on it (DNS through webhosting).

4. Opened up Port 389 on my firewall (for SLDAP IOS still uses port 389, not 636) and forwarded to my Active Directory server.

5. On iPhones I used ldaps.domain.co.uk for the LDAP server location and turned on SSL. Also used domain\user for account.

6. Setup search base.

7. Used Wireshark to ensure packets are definitely encrypted.


All works - Happy Day 🙂

Reply
User profile for user: mikyg
mikyg
User level: Level 1
0 points

Mar 21, 2013 11:37 AM in response to diverseft

Hello,


Sorry but what you say is wrong. I use a self signed certificate with my own CA and it works.


Last summer (september/october), I worked on this topic, to get my iphone connect to my ldap server with encryption.

Turning on the SSL option switched the connection to port 636/tcp.

I used iOS 5


Yesterday I decided to restart my ldap server (I'm a geek sorry, it's just a personal ldap server). And had hard time this morning debuging it. Tcpdump shown no sign of packets although, ldap connection without SSL worked. I was thinking it was a NAT problem but no.

The flow goes to port 389/tcp in both case and use STARTTLS with SSL enabled. I have iOS 6.1.2


So, to me, how ldap with ssl works depends on your firmware version. You probably expected the flow to arrive on port 636/tcp whereas it arrived on port 389/tcp and got dropped by your firewall.


I always read (on my iphone) what are the new features before upgrading my iOS firmware version and I don't remember I've read they would change the ldap ssl behavior.


The iPhone is even more confusing because it says something like "Use SSL" (I translate it from french).

LDAP over SSL uses port 636/tcp so this was correct in iOS5, now that it's using port 389/tcp it should be written use TLS ! So it's Apple misleading the users in their configuration.


Happy day =)

Reply

Iphone and LDAP with SSL

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up