[Date Prev][Date Next] [Chronological] [Thread] [Top]

Forcing use of TLS?


 I have TLS set up with slapd and slapd does not allow anonymous searches, and
instead uses tcp wrappers.

 But - how can I stop somebody from using a ldap tool (like ldapsearch) on
a trusted host and passing a clear text password when they use '-W' to
authenticate with a BIND DN.  Using the '-ZZ' option forces TLS, but
is there a way to tell slapd to not allow ANYTHING unless it comes in with


<><  ><> <><  ><> <><  ><> <><  ><> <><  ><> <><  

Ken Kleiner
System Manager
Computer Science Department
Umass Lowell

voice : 978 934 3645
fax : 978 934 3551

cell : 603 930 5582 (emergencies only, please)