How we can know that LDAPS is working?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 653

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
LDAPS

Answer

Collect packet traces where the connection between the LDAP server and the SVM can be filtered and investigated
From Wireshark filter by TLS protocol and check the TCP port used for the communication.
Normal LDAPS communication is on port 636 and should look like in the example:

Source            Destination     Protocol Src. Port  Dest. Port Info

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Client Hello

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Change Cipher Spec, Encrypted Handshake Message

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Application Data

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Application Data

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Application Data

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Application Data

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Application Data

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Application Data

192.168.90.132    192.168.90.55   TLSv1.2  19322      636      Application Data

192.168.90.55     192.168.90.132  TLSv1.2  636        19322    Application Data

Additional Information

How to capture packet traces (tcpdump) on ONTAP 9.2+ systems
Does ONTAP support port 636 for LDAPS?