
Re: Require SSL transport?



justin,

do a "man slapd" and look at the "-h" option.

starting your server with "slapd -h ldaps:///" should prevent it from
listening on anything other than port 636.

jens



On 2/2/01 10:56, "Justin Hahn" <jhahn@profitlogic.com> wrote:

> Over the past couple days I've been setting up OpenLDAP as a substitute
> for NIS. To do this I want all communications done with the LDAP server
> to be over SSL exclusively. But I can't seem to figure out how to get
> openldap to ignore requests that aren't over SSL.
> (i.e. ldapsearch -ZZ -x '(objectclass=*)' gives me exactly what I expect,
> but take away -ZZ and I get the same results back. Which isn't what I want.)
>
> Is there any ACL I can use to grant no access if SSL isn't being used?
> A config option? A commandline option to slapd?
> 
> Thanks!
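
Added example, not part of the original messages: the listener restriction from the reply next to the slapd.conf `security` directive, which covers a server that keeps port 389 open for StartTLS (the `-ZZ` used in the question). The threshold of 128 and the two-listener command line are assumptions chosen for illustration.

```conf
# slapd.conf, global section (constructed example)

# Option A, from the reply: start slapd with only the LDAPS listener.
#   slapd -h "ldaps:///"
# Nothing listens on port 389, so a client has no cleartext socket to
# talk to. StartTLS clients (ldapsearch -ZZ against ldap://) stop working
# and must be pointed at ldaps:// instead.

# Option B: keep both listeners and enforce a minimum strength in config.
#   slapd -h "ldap:/// ldaps:///"
#
# Weak: no "security" line. A search without -ZZ is answered in the clear,
# which is the behaviour described in the question.
#
# Corrected: require a security strength factor (SSF) of at least 128
# (assumed value) before any operation is processed. The StartTLS
# extended operation itself is still accepted so a client can upgrade;
# anything else on an unprotected connection is refused with
# confidentialityRequired (result code 13).
security ssf=128

# Caveat for Option B: the server can only refuse after it has read the
# request. A misconfigured client that does a simple bind without -ZZ has
# already put its password on the wire by the time slapd rejects it.
# Option A avoids that because the cleartext connection never opens.
```

To check either setup, repeat the test from the question: the query with `-ZZ` (or against `ldaps://`) should return entries, and the same query without it should fail.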