CORRECT TEXT
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL)
connections with the LDAP Server is
Answer: 636
Explanation:
636
The default port number for Secure Sockets Layer (SSL) connections with the LDAP Server is
CORRECT TEXT
Fill in the blank with a numeric value. The default port number for Secure Sockets Layer (SSL)
connections with the LDAP Server is
Answer : 636
sk100246
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100246&partition=General&product=IPS%22
TCP:
443 (HTTPS – HTTP over SSL)
465 (SMTPS – SMTP over SSL)
563 (NNTPS – NNTP over TLS/SSL)
636 (LDAPS – LDAP over TLS/SSL)
989 (FTPS Data – FTP Data over TLS/SSL)
990 (FTPS Control – FTP Control over TLS/SSL)
992 (Telnet over TLS/SSL)
993 (IMAPS – IMAP over SSL)
995 (POP3S – POP3 over SSL)
1194 (OpenVPN)
2484 (Oracle Database listening for SSL client)
5061 (SIP over TLS)
8443 (Apache Tomcat SSL)
UDP:
563 (NNTPS – NNTP over TLS/SSL)
636 (LDAPS – LDAP over TLS/SSL)
4433 (OpenSSL)
sk55040
Solution
Run the ldapsearch command from the gateway to test LDAP authentication from the CLI.
Examples:
requiring SSL encryption:
# ldapsearch -h 192.168.x.x -p 636 -Z -D “cn=Administrator,cn=users,dc=nightcrawler,dc=local” -w -b “ou=CP_Ottawa_Site,DC=nightcrawler,DC=local” “(sAMAccountName=steve)”
no encryption
# ldapsearch -h 192.168.x.x -p 389 -D “cn=Administrator,cn=users,dc=nightcrawler,dc=local” -w -b “ou=CP_Ottawa_Site,DC=nightcrawler,DC=local” “(sAMAccountName=steve)”
-h 192.168.x.x in this example is an LDAP server
-p 636 is the port
-Z (must be upper case) is used to enforce encryption while port is 636 (when port is 389 there is no need for -Z )
-D is LDAP administrators user
-w is administrators password
-b is the user and group we query from the LDAP server where “ou=CP_Ottawa_Site,DC=nightcrawler,DC=local” is organization and “(sAMAccountName=steve)” is the user himself
636