[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Force StartTLS on port 389

--On Wednesday, November 17, 2004 6:22 PM +0100 Fabio Spelta <spelta@linux.it> wrote:

Hello list.
I'm wondering if it's possible to configure slapd forcing it to listen
only to the 389 port (that should be easy, by running ithe daemon with
the adequate -h option) *and* accepting *only* TLS cyphered traffic, both
for authentication and for all the queries and their result. I searched
both the list archives and the FAQ-O-Matiq without founding the answer.

Thank you very much - this list supplies very well to the lack of
documentation about the topic.

man slapd.access

Read about "ssf" settings in ACL's. This allows you to enforce sessions to have an adequate security factor before you'll do anything with them.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html