
Re: Refusing connections when START_TLS is not sent



Hi,

Pierre Moermans <pmoermans@linuxmail.org> writes:

> Dear list,
>
> As far as I understand, clients using the START_TLS instruction must do
> so on the standard (PLAIN text) port, usually, the port 389.
> I've done that, and it worked fine.
>
> Now, I would like to refuse PLAIN text communication when the START_TLS
> command is not sent by the client. I've been googling for a while with
> no success.
> Does anybody know how to do that?

TLSVerifyClient demand

See man slapd.conf(5), TLS Options.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
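
An added example, not part of the original messages: a small audit of slapd.conf text that reports the global TLSVerifyClient level separately from the factors of the `security` directive documented in the same slapd.conf(5) man page. The sample configuration is constructed, its paths are placeholders, and the function names are hypothetical.

```python
import shlex

# Constructed sample slapd.conf (not from the thread); file paths are placeholders.
SAMPLE_CONF = """\
# global section
TLSCertificateFile    /path/to/server-cert.pem
TLSCertificateKeyFile /path/to/server-key.pem
TLSVerifyClient       demand
security              tls=1
  simple_bind=128

database mdb
security update_tls=128
"""

def directives(text):
    """Split slapd.conf text into token lists, joining continuation lines."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if not raw.strip():
            continue                          # blank lines are ignored
        if raw[0] in " \t":                   # leading whitespace continues the previous line
            if lines and not in_comment:
                lines[-1] += " " + raw.strip()
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    return [shlex.split(line) for line in lines]

def audit(text):
    """Report the global TLSVerifyClient level and `security` factors."""
    level, factors = "never", {}              # "never" is slapd's default level
    for tokens in directives(text):
        name = tokens[0].lower()
        if name in ("database", "backend"):
            break                             # only the global section is audited here
        if name == "tlsverifyclient" and len(tokens) > 1:
            level = tokens[1].lower()
        elif name == "security":
            for factor in tokens[1:]:
                key, _, value = factor.partition("=")
                factors[key.lower()] = int(value)
    # TLSVerifyClient: client-certificate checks in a TLS session; security tls=<n>: TLS required.
    return {"tls_verify_client": level, "security": factors,
            "tls_required_for_operations": factors.get("tls", 0) >= 1}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```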