[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: require StartTLS

If you want to disable simple bind (password) etc. without encryption,
you might go along the lines:

security ssf=1 update_ssf=112 simple_bind=112

in slapd.conf

>>> Am Sun, 26 Feb 2012 11:49:14 +0100
>>> schrieb Daniel Pocock <daniel@pocock.com.au>:

>>>> Is there some way to ensure that a client who connects on port 389
>>>> can do nothing without StartTLS?
>>>> Or is it necessary to just disable port 389 and only listen for
>>>> ldaps:/// ?

That would be another option, its feasibility depending on your environment.

kind regards /markus