[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Forcing start_tls on client connections?


If you search the mailing list archives, you'll find I asked a similar
question earlier.

I believe the recommended solution to this is to use the directive:

security tls=<#>

in slapd.conf, where <#> should be replaced with the "strength" of the
cryptography being used, e.g. 128 .  This takes the same type of
argument as the security ssf directive.

According to the FAQ on openldap.org , ldaps:// is deprecated in favor
of TLS on the standard ldap port.

--- Gavin Henry <ghenry@suretecsystems.com> wrote:

> Dear List,
> If running on the started 389 port, is it possible to only allow TLS
> connections?
> Or is the better way to switch off port 389 and only listen on
> ldaps:///  ??

Start your day with Yahoo! - make it your home page