[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: require StartTLS

Look at the options for setting ssf (Security Strength Factors):


I typically setup a global minssf of 256 to ensure maximum security, when possible via the 'security minssf=256'.

re:  man slapd.conf


Joshua Miller
ITSA Consulting, LLC

On Feb 26, 2012, at 2:49 AM, Daniel Pocock wrote:

> Is there some way to ensure that a client who connects on port 389 can
> do nothing without StartTLS?
> Or is it necessary to just disable port 389 and only listen for ldaps:/// ?