Re: How enforce TLS connection to openldap server only?



--On Wednesday, September 19, 2012 8:58 PM -0400 Yan Gong <yan@fabric.com> wrote:



> Sir/Madam:
>
> I successfully set up TLS on both OpenLDAP server and client through port 389 on Ubuntu.
>
> I didn't use SSL through port 636.
>
> However, I found non-encrypted/clear text connections can be made through port 389 to the OpenLDAP server as well.
>
> How can I enforce TLS connection only and reject any non-encrypted connections?
>
> Should I use olcAccess or olcSecurity? Or both? I couldn't find any detailed steps/documentation.

olcSecurity would enforce encryption for any and all connections. Note that you have to restart slapd for it to take effect.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
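
Added example (not part of the original thread): an LDIF change that sets olcSecurity to require TLS, as the reply describes. The database DN, the value tls=1 (minimum TLS strength factor of 1) and the file name require-tls.ldif are assumptions to adapt to the local configuration.

```ldif
# Added example, not from the thread. Apply on the server as root with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f require-tls.ldif
# (require-tls.ldif is a hypothetical file name for this content.)
#
# Assumption: the directory data is held in olcDatabase={1}mdb,cn=config.
# List the configured databases to find the right DN:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config dn
#
# The requirement is set on the data database rather than on cn=config,
# because a global tls= requirement would also apply to ldapi:///
# connections, which have no TLS layer, and would block local
# administration of cn=config.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSecurity
olcSecurity: tls=1
```

To check the result, a simple bind with StartTLS required on the client (ldapwhoami -x -ZZ against the ldap:// URL) should still work, while the same command without -ZZ should be refused with "Confidentiality required (13)". The server can only reject a cleartext bind after the client has already sent its DN and password, so clients should also be configured to insist on StartTLS.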