Re: Forcing start_tls on client connections?
<quote who="Bill Johnstone">
> Hello.
>
> If you search the mailing list archives, you'll find I asked a similar
> question earlier.
Oops, yes that should have been my first point of call.
>
> I believe the recommended solution to this is to use the directive:
>
> security tls=<#>
>
> in slapd.conf, where <#> should be replaced with the "strength" of the
> cryptography being used, e.g. 128. This takes the same type of
> argument as the security ssf directive.
Ah, yes of course, I forgot that setting.
>
> According to the FAQ on openldap.org, ldaps:// is deprecated in favor
> of TLS on the standard ldap port.
Again, thanks. This is how I already understood it, but wanted to double
check.
Gavin.
>
> --- Gavin Henry <ghenry@suretecsystems.com> wrote:
>
>> Dear List,
>>
>> If running on the standard 389 port, is it possible to only allow TLS
>> connections?
>>
>> Or is the better way to switch off port 389 and only listen on
>> ldaps:/// ??
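An added example, not part of the original thread: a small audit that reads a slapd.conf and reports which scopes lack the `security tls=<#>` requirement discussed above. The sample configurations, function names and the 128 default are constructed for illustration, and the script treats a global requirement as also applying to every database section.

```python
# Constructed sample configurations (not taken from the thread).
WEAK_CONF = """\
TLSCertificateFile /etc/openldap/certs/server.crt
# security tls=128
database mdb
suffix "dc=example,dc=com"
"""

HARDENED_CONF = """\
TLSCertificateFile /etc/openldap/certs/server.crt
security ssf=1
  tls=128
database mdb
suffix "dc=example,dc=com"
"""


def logical_lines(conf_text):
    """Join continuation lines (leading whitespace), drop blanks and # comments."""
    lines = []
    for raw in conf_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if l and not l.startswith("#")]


def tls_floors(conf_text):
    """Map each scope ('global' or a database section) to its required tls= SSF."""
    floors, scope, db_index = {"global": 0}, "global", 0
    for line in logical_lines(conf_text):
        words = line.split()
        directive = words[0].lower()
        if directive == "database":
            db_index += 1
            backend = words[1] if len(words) > 1 else "?"
            scope = f"database #{db_index} ({backend})"
            floors[scope] = floors["global"]  # global requirement still applies
        elif directive == "security":
            for factor in words[1:]:
                name, _, value = factor.partition("=")
                # Only tls= counts here: ssf= alone can be met by a SASL layer.
                if name.lower() == "tls" and value.isdigit():
                    floors[scope] = max(floors[scope], int(value))
    return floors


def scopes_without_tls(conf_text, minimum=128):
    """List scopes whose tls= requirement is below the wanted minimum SSF."""
    return [s for s, v in tls_floors(conf_text).items() if v < minimum]
```

A non-empty result from `scopes_without_tls` means clients can still operate in those scopes over plain ldap:// without issuing StartTLS.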