Hello Thomas. You can disable the plain LDAP port by setting nsslapd-port to 0 in dse.ldif. The errors log should say that the non-secure port is disabled when you start up again. I don't think there's a way to get the server to require successful start-TLS on the plain port before accepting any other operations. Thomas Cramer wrote: > I would like to require that *only* SSL/TLS connections be allowed to > my server. This is not to be confused with wanting SSL client > authentication. I had initially thought I could do this with ACI > using the authmethod="ssl", however after looking at the documentation > closely and experimentation this refers to do client based SSL > authentication as well. I do have SSL/TLS set up correctly, I just > want to disallow non-encrypted traffic. > > > In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS > only connections. > > Anyone know how to do this in FDS? > > > > == > tc > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
