Re: How to only accept TLS connection on port 389


On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
> connecting.  If you want to restrict clients to using just the
> former or the latter, eliminate one or the other listener.

I guess I didn't explain properly in the first place: if I open port 389, even though I accept TLS, I cannot force clients to use an encrypted connection.

Which is what I want to achieve.
The aim is to prevent any non-encrypted connection to OpenLDAP.
And I can't just use port 636 (ldaps) as I have a few clients that
only work with a StartTLS operation.

Is this something possible?

> ldap:// on port 389 and use of Start TLS operation to initiate
> TLS (SSL) is the standard way of securing LDAP with TLS.

Yes, you are 100% correct, I just want to enforce it.

Jean-Yves
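As an added example that is not part of this thread: slapd can enforce the requirement itself rather than relying on clients. The `security` directive (`olcSecurity` in cn=config) sets a minimum Security Strength Factor that every operation except the StartTLS extended operation must meet, so a client on ldap://:389 can still connect and negotiate StartTLS, but a bind or search issued in the clear is refused with "Confidentiality required". The database entry name `olcDatabase={1}mdb` and the suffix are assumptions; substitute your own.

```ldif
# Before (weak): listener on 389 offers TLS but never requires it.
# In slapd.conf terms this is simply the absence of a "security" line,
# so a client may bind and search over the cleartext session.
dn: olcDatabase={1}mdb,cn=config
olcSuffix: dc=example,dc=com

# After (hardened): require a 128-bit confidentiality layer for every
# operation on this database. StartTLS itself is exempt, so ldap://:389
# clients that negotiate StartTLS keep working; anything sent in the
# clear fails with result code 13 (confidentiality required).
# slapd.conf equivalent:  security ssf=128
# Note: ldapi:// connections are credited only olcLocalSSF (default 71),
# so raise that value if local socket clients must keep working.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSecurity
olcSecurity: ssf=128
```

To confirm the policy, run the same `ldapsearch` twice against the host: with `-ZZ` (StartTLS mandatory) it succeeds, and without it the bind or search is rejected with "Confidentiality required".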