--- Richard Megginson <rmeggins at redhat.com> wrote: > the openldap ldapsearch -Z does startTLS, which tries to startup a > secure connection using the non-secure port - basically, so you can have > ldap listen only to 389 and have SSL/TLS on that port. So then you may > ask "Ok, that's fine, but how do I disable non-secure connections on > 389?" I'm not sure how you can do that at the connection level, but at > the entry level you can set ACIs to allow access only if using SSL/TLS. Can you give me an example, please? ldapsearch aside, even though SSL is enabled on the server, everything (including the password) is being transmitted clear text -- I can see it in ethereal when I try to ssh to an ldap client. __________________________________________ Yahoo! DSL ? Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
