1. Ports
  2. Port 1636

Port 1636: LDAPS (Non-Privileged) — The Directory Server Port for Regular Users

Port 1636 carries LDAPS (LDAP Secure) traffic—but only when you need it to.

The Privilege Problem

On Unix-like systems, ports below 1024 are privileged. Only root can bind to them. This is a security measure—it prevents random users from impersonating critical services.

The standard LDAPS port is 636. But 636 requires root access. If you're running a directory server as a regular user—maybe for development, maybe because your organization's security policy forbids running services as root—you can't use port 636.

Port 1636 is the solution. It's above 1024, which means any user can bind to it. Same protocol, same encryption, no root required.1

What LDAPS Does

LDAPS is LDAP wrapped in TLS/SSL encryption. LDAP (Lightweight Directory Access Protocol) queries directory services—looking up user information, authentication credentials, organizational data. Without encryption, this information travels in plaintext.

LDAPS encrypts the connection from the start. No plaintext, no exposure.2

When You See Port 1636

Red Hat Directory Server uses 1636 by default when installed as a non-privileged user. During installation, if you don't have root permissions, the installer prompts for ports above 1024—typically 1389 for LDAP and 1636 for LDAPS.1

Oracle Directory Server similarly uses 1636 as an alternative LDAPS port for non-root installations.

Development environments often use 1636 because developers don't want to run services as root on their local machines.

The Official Assignment (That Nobody Uses)

IANA officially assigned port 1636 to isdc (ISP shared public data control).3 This service is essentially extinct. Nobody uses it. The real-world use of port 1636 is LDAPS for non-privileged users.

This is common in the port world—official assignments get superseded by practical necessity.

Security Considerations

If you see traffic on port 1636, verify what's actually using it:

# Linux/macOS - see what's listening on port 1636
sudo lsof -i :1636

# Linux - using netstat
sudo netstat -tulpn | grep 1636

# Windows
netstat -ano | findstr :1636

Legitimate LDAPS traffic is encrypted and should be between directory servers and clients. Unexpected traffic could indicate:

  • A misconfigured service
  • An unauthorized directory server
  • Malware using the port (rare, but possible)

Why Non-Privileged Ports Matter

The gap between privileged and non-privileged ports creates flexibility. You can run the same protocols without requiring root access. This matters for:

  • Development — Developers testing directory services locally
  • Security policies — Organizations that forbid root-level services
  • Containerization — Containers often run as non-root users
  • Testing — QA environments that mirror production functionality without production privileges

Port 1636 isn't glamorous. But it solves a real problem: how do you secure directory queries when you're not running as root?

Related Ports

  • Port 389 — LDAP (unencrypted)
  • Port 636 — LDAPS (privileged)
  • Port 1389 — LDAP (non-privileged alternative)
  • Port 3268 — Global Catalog LDAP (Active Directory)
  • Port 3269 — Global Catalog LDAPS (Active Directory)

Frequently Asked Questions About Port 1636

Poprzedni

Port 1635: EDB Server 1 — The Registered Mystery

Następny

Port 1637: ISLC — The registered port with no story

Czy ta strona była pomocna?

😔
🤨
😃