The Tivoli® Storage Manager server can be configured to listen on four TCP/IP ports: two for regular protocols and two for the Transport Layer Security (TLS) protocols.
If you authenticate passwords with an LDAP directory server, the connection between the LDAP directory server and the Tivoli Storage Manager server must be protected. The connection between a Tivoli Storage Manager server and an LDAP directory server defaults to port 389. You do not have to use this port number and can define the port by setting the LDAPURL option.
If the ADMINONCLIENTPORT option is set to NO, TLS administrative client sessions require that you specify the SSLTCPADMINPORT option with a port number other than the one specified by the SSLTCPPORT option. The SSLTCPPORT and SSLTCPADMINPORT options do not affect the TCPPORT or TCPADMINPORT options and their interaction with the ADMINONCLIENTPORT option. To enable TLS 1.2, specify the SSLTLS12 or SSLDISABLELEGACYTLS option. For server and storage agent communication, if SSLDISABLELEGACYTLS is specified, TLS sessions must connect at a minimum level of TLS 1.2 or they are rejected.
The backup-archive client user decides which protocol to use and which port to specify in the dsmserv.opt file for the SSLTCPADMINPORT option. If the backup-archive client requires TLS authentication but the server is not in TLS mode, the session fails.