Re: How to only accept TLS connection on port 389
On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
> connecting. If you want to restrict clients to using just the
> former or the latter, eliminate one or the other listener.
I guess I didn't explain properly in the first place:
If I open port 389, and even though I accept TLS, I cannot force
the client to use an encrypted connection.
Which is what I want to achieve.
The aim is to prevent any non-encrypted connection to openldap.
And I can't just use port 636 (ldaps) as I have a few clients that
only work with a StartTLS operation.
Is this something possible?
> ldap:// on port 389 and use of Start TLS operation to initiate
> TLS (SSL) is the standard way of securing LDAP with TLS.
Yes, you are 100% correct, I just want to enforce it.