[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to only accept TLS connection on port 389

To: openldap-software@openldap.org
Subject: Re: How to only accept TLS connection on port 389
From: "Jean-Yves Avenard" <jyavenard@gmail.com>
Date: Mon, 22 Jan 2007 16:11:43 +1100
Content-disposition: inline
In-reply-to: <200701220501.l0M51RGZ001926@boole.openldap.org>
References: <cb44e8370701211732x20d9882ax23adde2396bf13b4@mail.gmail.com> <200701220501.l0M51RGZ001926@boole.openldap.org>

Hello

On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:

connecting.  If you want to restrict clients to using just the
former or the latter, eliminate one or the other listener.


I guess I didn't explain properly in the first place:
If I open port 389, and even though I accept TLS, I can not force
client to use an encrypted connection.

Which is what I want to achieve.
The aim is to prevent any non-encrypted connection to openldap.
And I can't just use port 636 (ldaps) as I have a few clients that
only work with a StartTLS operation

Is this something possible?

ldap:// on port 389 and use of Start TLS operation to initiate
TLS (SSL) is the standard way of securing LDAP with TLS.


Yes. you are 100% correct, I just want to enforce is.
Jean-Yves

References:
- How to only accept TLS connection on port 389
  - From: "Jean-Yves Avenard" <jyavenard@gmail.com>
- Re: How to only accept TLS connection on port 389
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: OpenLDAP issues when connecting over SSL
Next by Date: Re: How to only accept TLS connection on port 389
Index(es):
- Chronological
- Thread