I'm having a hard time migrating our openldap installation from Debian to RedHat.
Two instances of openldap are running; they have the same configuration, except that one handles ldap: requests and the other one ldaps: requests.
netstat shows that they are both listening:
sudo netstat -avp --tcp | grep ldap
tcp 0 0 *:ldap *:* LISTEN 11348/slapd
tcp 0 0 vldap-test-1.ceti.etat-:ssh 10.137.79.116:50842 ESTABLISHED 10461/sshd
tcp 0 0 vldap-test-1.ceti.etat-:ssh 10.137.79.116:49164 ESTABLISHED 7993/sshd
tcp 0 64 vldap-test-1.ceti.etat-:ssh 10.137.79.116:50815 ESTABLISHED 10281/sshd
tcp 0 0 *:ldaps *:* LISTEN 11344/slapd
tcp 0 0 *:ldap *:* LISTEN 11348/slapd
I'm not sure why two lines are shown for ldap, and only one for ldaps... whatever...
The ldap: requests work fine, but the ldaps: requests don't.
What's more puzzling is that when I type the following command:
sudo openssl s_client -connect vldap-test-1:636 -showcerts
Or, with the IP address:
sudo openssl s_client -connect 10.145.24.112:636 -showcerts
I'm getting:
socket: Connection refused
connect:errno=111
whereas when I use localhost (not 127.0.0.1):
sudo openssl s_client -connect localhost:636 -showcerts
I'm getting:
CONNECTED(00000003)
depth=0 CN = vldap-test, OU = DGSI, O = Etat, L = GE, ST = GE, C = CH
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = vldap-test, OU = DGSI, O = Etat, L = GE, ST = GE, C = CH
verify return:1
---
Certificate chain
0 s:/CN=vldap-test/OU=DGSI/O=Etat/L=GE/ST=GE/C=CH
i:/CN=vldap-test/OU=DGSI/O=Etat/L=GE/ST=GE/C=CH
-----BEGIN CERTIFICATE-----
MIICOzCCAaSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwWjETMBEGA1UEAxMKdmxk
YXAtdGVzdDENMAsGA1UECxMEREdTSTENMAsGA1UEChMERXRhdDELMAkGA1UEBxMC
... etc...
Can anyone help me understand what's happening here?
Thanks in advance
UPDATE:
It seems that the ldap: instance is listening on both IPv6 and IPv4, but the ldaps: version is listening only on IPv6.
How can I fix this?
Got it: the IPv4 port was attributed to portreserve.
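The diagnosis in the update (one daemon bound on both address families, the other only on IPv6, with the IPv4 port held by a different process) can be made mechanically from listener output instead of by eye. The script below is an added example, not part of the original post: it parses `ss -ltnp`-style output, reports which process owns the IPv4 and IPv6 listener for a given port, and flags a mismatch. The sample output embedded in it is constructed to mirror the situation described above (slapd on 389 for both families, slapd on [::]:636, portreserve on 0.0.0.0:636); the pids and the `diagnose_live` helper are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of `ss -ltnp` output (not the poster's real netstat output).
# On Linux a bare address is IPv4 and a bracketed one ([::]) is IPv6.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:389        0.0.0.0:*   users:(("slapd",pid=11348,fd=8))
LISTEN 0      128    [::]:389           [::]:*      users:(("slapd",pid=11348,fd=9))
LISTEN 0      128    [::]:636           [::]:*      users:(("slapd",pid=11344,fd=9))
LISTEN 0      128    0.0.0.0:636        0.0.0.0:*   users:(("portreserve",pid=900,fd=3))'

# listeners_for PORT INPUT: print "<family> <process>" for every LISTEN socket on PORT.
listeners_for() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); lport = a[n]          # port is the last ":"-separated field
      if (lport != p) next
      fam = ($4 ~ /^\[/) ? "ipv6" : "ipv4"          # [::]:636 -> ipv6, 0.0.0.0:636 -> ipv4
      proc = "unknown"                               # ss -p needs root to name other users processes
      if (match($6, /\("[^"]+"/)) proc = substr($6, RSTART + 2, RLENGTH - 3)
      print fam, proc
    }'
}

# port_owner PORT FAMILY INPUT: process listening on PORT for FAMILY (ipv4|ipv6), or "none".
port_owner() {
  owner=$(listeners_for "$1" "$3" | awk -v f="$2" '$1 == f { print $2; exit }')
  printf '%s\n' "${owner:-none}"
}

# diagnose PORT INPUT: one-line verdict; a mismatch means a client picking one family
# (e.g. localhost resolving to ::1 vs. an A record resolving to IPv4) sees a different service.
diagnose() {
  v4=$(port_owner "$1" ipv4 "$2")
  v6=$(port_owner "$1" ipv6 "$2")
  if [ "$v4" = "$v6" ]; then
    printf 'port %s: %s on both IPv4 and IPv6\n' "$1" "$v4"
  else
    printf 'port %s: IPv4 held by %s, IPv6 held by %s\n' "$1" "$v4" "$v6"
  fi
}

# diagnose_live PORT: same check against the running system (assumed helper; needs iproute2,
# and root for ss -p to show process names). Not invoked here so the script runs offline.
diagnose_live() {
  diagnose "$1" "$(ss -ltnp 2>/dev/null)"
}

diagnose 389 "$SAMPLE_SS"
diagnose 636 "$SAMPLE_SS"
```

Run as `sh check_listeners.sh` to see the verdict for the constructed sample; on a live host call `diagnose_live 636` under sudo. When the IPv4 side is reported as portreserve, the fix on RHEL is to have the service's init script call `portrelease slapd` (or remove the reservation under /etc/portreserve/) before slapd binds, so the IPv4 socket is free for it.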