[Date Prev][Date Next]
Re: Forcing start_tls on client connections?
<quote who="Bill Johnstone">
> If you search the mailing list archives, you'll find I asked a similar
> question earlier.
Oops, yes that should have been my first point of call.
> I believe the recommended solution to this is to use the directive:
> security tls=<#>
> in slapd.conf, where <#> should be replaced with the "strength" of the
> cryptography being used, e.g. 128 . This takes the same type of
> argument as the security ssf directive.
Ah, yes of course, I forgot that settings.
> According to the FAQ on openldap.org , ldaps:// is deprecated in favor
> of TLS on the standard ldap port.
Again, thanks. This is how I already understood it, but wanted to double
> --- Gavin Henry <firstname.lastname@example.org> wrote:
>> Dear List,
>> If running on the started 389 port, is it possible to only allow TLS
>> Or is the better way to switch off port 389 and only listen on
>> ldaps:/// ??
> Start your day with Yahoo! - make it your home page