[Date Prev][Date Next]
force TLS and rootdn
I want to force clients to use TLS except on the IPv4 loopback interface.
As suggested by Aaron I have the following ACL as the very first one
# first, make sure TLS or localhost
access to *
by tls_ssf=1 none break
by peername.ip="127.0.0.1" none break
by * none
followed by my "real" ACLs.
Everything is working as expected but I've just noticed that I can
bind to the server with my rootdn in cleartext.
Is this expected? Is there a way to prevent this?