
Using LDAPS via Port 636 on M700 / M300

Hi,

How to configure LDAPS with Port 636 on Snom M700/M300 Base station? Simply changing the port from 389 to 636 is not working. We need this functionality to provide LDAP access.


Best regards.


Martin,


What version of firmware are you using? Can you upgrade to release candidate 450B11 and re-test?


https://service.snom.com/display/wiki/BSV450B11+%28base%29+HSV450B11+%28handset%29+-+Official+Release 


Regards,


Snom Support

Thank you very much for your fast response. We did an update to 450B11, now there is a possibility to choose TLS as encryption method, but the connection cannot be established. Unfortunately, the error message is not very informative ;)

loc3 .Info 2019-10-18T10:20:15Z 04-[ LDAP: LDAP_BIND_CFM fails. 15] 


Any further ideas? The configuration is working. If we change the port back from 636 to 389 and switch TLS off, the LDAP connection works.

Martin,


Do you have the Syslog level set to 'debug' on the M300/700? If not, can you set the Syslog level to debug, re-test and provide the Syslog?



Regards,


Snom Support

I raised a Ticket #30906

Hi, sorry for opening up this old Thread, but it's exactly the problem we're experiencing with our M700.


We're running on:

Firmwareversion:IPDECT/04.50/B0013/12-Nov-2019 14:03

As soon as I enable TLS security and Port 636, it does not work. Port 389 without TLS is working flawlessly.


I did also import the root certificate which usually solves SSL issues on other systems, but it did not help here.


Any idea how to solve this? The log is on debug, but it's only showing this related to LDAP:


loc6 .Debug 2020-06-11T16:03:06Z 04-[ SYNCMGR: Keep-alive timeout: State Keep-alive]

loc3 .Info 2020-06-11T16:03:06Z 04-[ LDAP: LDAP_BIND_CFM fails. 15] 

Felix,


Can you reboot the base and then check to see if the LDAPS connection has been established? Please also set the Syslog to debug level before rebooting and save a copy to a .txt file after it boots up.



Regards,


Snom Support

Hi Sean,


thanks for the quick response. The log is showing the following related to LDAP:

 

loc3 .Debug 2020-06-11T16:37:13Z 04-[ LDAP Open Client conn -> Destination: 10.xxx:636. Cnt: 0] 

loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP: ldap_init succeeded. uri: ldap://10.xxx:636 ] 

loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP Use excisting connection. Client conn -> Destination: 10.xxx:636. Cnt: 1. Use TLS:1] 

loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP failed - Timeout: Socket[14] TriggCount#1] 

loc3 .Info 2020-06-11T16:39:35Z 04-[ LDAP: Bind UN-successful. rc: -1] 

loc3 .Info 2020-06-11T16:39:35Z 04-[ LDAP: LDAP_BIND_CFM fails. 35] 

 


I did a portquery from the same subnet as the M700 to ensure network connectivity to this server (no firewalls in between).


Name resolved to 10.xxx

querying...

TCP port 636 (ldaps service): LISTENING

UDP port 636 (unknown service): LISTENING or FILTERED

 

Felix,


It would appear the connection is closing. The M700 opens the TLS connection on boot up and the connection should remain open. Are you able to get a pcap trace of the TLS handshake and determine which side is closing the connection?


Regards,


Snom Support
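
Added example (not part of the original thread and not Snom code): a small Python parser for the debug lines quoted above. It measures how long the TLS socket sat between being opened and being reused for the bind, and collects the failure events. The line format is an assumption inferred from the quoted log only.

```python
import re
from datetime import datetime

# Syslog lines copied from the M700 debug log quoted in this thread.
SAMPLE_LOG = """\
loc3 .Debug 2020-06-11T16:37:13Z 04-[ LDAP Open Client conn -> Destination: 10.xxx:636. Cnt: 0]
loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP: ldap_init succeeded. uri: ldap://10.xxx:636 ]
loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP Use excisting connection. Client conn -> Destination: 10.xxx:636. Cnt: 1. Use TLS:1]
loc3 .Debug 2020-06-11T16:39:35Z 04-[ LDAP failed - Timeout: Socket[14] TriggCount#1]
loc3 .Info 2020-06-11T16:39:35Z 04-[ LDAP: Bind UN-successful. rc: -1]
loc3 .Info 2020-06-11T16:39:35Z 04-[ LDAP: LDAP_BIND_CFM fails. 35]
"""

# Assumed layout: facility, .severity, UTC timestamp, "NN-[ message ]"
LINE_RE = re.compile(r"^(loc\d+) \.(\w+) (\S+Z) \d+-\[ ?(.*?)\s*\]\s*$")


def parse(log):
    """Yield (timestamp, severity, message) for every line mentioning LDAP."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and "LDAP" in m.group(4):
            ts = datetime.strptime(m.group(3), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(4)


def summarize(log):
    """Return how long the socket sat idle before reuse, plus failure events."""
    opened = reused = None
    failures = []
    for ts, _sev, msg in parse(log):
        if "Open Client conn" in msg:
            opened, reused = ts, None          # a new socket resets the window
        elif "Use excisting connection" in msg and reused is None:
            reused = ts                        # string spelled as the device logs it
        elif re.search(r"Timeout|UN-successful|fails", msg):
            failures.append((ts.strftime("%H:%M:%S"), msg))
    idle = int((reused - opened).total_seconds()) if opened and reused else None
    return {"idle_seconds": idle, "failures": failures}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("idle before reuse (s):", report["idle_seconds"])
    for when, msg in report["failures"]:
        print(when, msg)
```

On the quoted log this reports 142 idle seconds between opening the socket and the bind attempt that timed out, which is consistent with the connection having closed in between; a pcap is still needed to see which side closed it.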

Snom already stated in my "private" ticket, that the M700 only supports LDAPs, if the connection is established once after the reboot and never closes afterwards, because it is not reestablished again. This is - in my opinion - a completely unrealistic scenario. Therefore, the Snom M700 cannot be used in daily business for LDAPs.

