TLS Port 636 for LDAPS or LDAP connections

I’m unable to get encrypted connections working for my LDAP queries. If I leave the port at 389, it works, but then I see credentials and queries passing by when sniffing network traffic. As soon as I switch the port to 636, I see the same traffic start but it fails as it’s not attempting a TLS connection. I don’t see a setting to enable TLS for my LDAP connections. Looking through the code, it appears if the port is anything but 389 you’re changing the connection options. I’ve imported the root certificate from the FreeIPA LDAP server into the RedHat Linux TLS trust store. I’ve enabled debug but nothing appears to be logged. There’s no error or timeout message. It just hangs forever.

Have you verified you can reach your LDAP server from the RHEL server with TLS over port 636? I’m not sure what command to recommend.

I don’t know anything about the RHEL Trust Store but if it doesn’t apply the Root Certificate to OpenSSL or OpenLDAP (can’t remember which) it’s probably not having the affect you want. I remember I used a config change to allow hostname mismatches to be accept by LDAP connections but I forgot what it was and I’ve since fixed the mismatch issue.