Also note that if your directory requires authentication before any data will be returned, you can use the require secure bind option (http://www.port389.org/docs/389ds/howto/howto-require-secure-binds.html) to force authentication over SSL first. In effect, no data will be returned over the non-SSL port unless the START_TLS extended operation is used.

-----Original Message-----
From: Mark Reynolds <mreynolds@xxxxxxxxxx>
Sent: Tuesday, March 10, 2020 2:12 PM
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>; Rob Crittenden <rcritten@xxxxxxxxxx>; Matthew Aguirre <matt.aguirre@xxxxxxxxxxxxxxxxx>
Subject: [389-users] Re: Force use of secure connections

On 3/10/20 4:07 PM, Rob Crittenden wrote:
> Matthew Aguirre wrote:
>> Is there a way to disable unsecured use of port 389? I am using
>> FreeIPA, so the client setup uses port 389 with TLS and that is fine,
>> but I'd like to be able to not allow unsecured connections as much as
>> possible.
>>
>> I was able to do this in OpenLdap, but haven't seen a comparable
>> solution in ds-389.
>
> http://www.port389.org/docs/389ds/howto/howto-require-secure-binds.html

The link Rob provided is the best option for you, but for the sake of completeness you can also disable the 389 port (but then you can't use StartTLS):

http://www.port389.org/docs/389ds/howto/howto-listensslonly.html

>
> rob

--
389 Directory Server Development Team

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
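
The options discussed in this thread (require secure binds, requiring authentication before data is returned, and listening on the SSL port only) can be checked against a server's `dse.ldif`. The following is an added example, not part of the original messages and not 389 Directory Server project code. It assumes the `cn=config` attributes `nsslapd-port`, `nsslapd-security`, `nsslapd-require-secure-binds` and `nsslapd-allow-anonymous-access` with their default values, uses a constructed sample entry, and looks only at these global switches, not at ACIs.

```python
# Added example: audit the cn=config entry of a 389 DS dse.ldif for plaintext exposure.
# SAMPLE_DSE is constructed for illustration, not taken from a real server.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: on
nsslapd-securePort: 636
nsslapd-require-secure-binds: off
nsslapd-allow-anonymous-access: on

dn: cn=encryption,cn=config
nsSSLClientAuth: allowed
"""

def parse_config(ldif_text):
    """Return the attributes of the cn=config entry, keyed by lowercase name."""
    attrs, in_config = {}, False
    for line in ldif_text.splitlines():
        if not line.strip():          # blank line ends the current entry
            in_config = False
        elif line[0] in "# ":         # skip comments and folded continuation lines
            continue
        else:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                in_config = value.lower() == "cn=config"
            elif in_config:
                attrs[name] = value
    return attrs

def audit(attrs):
    """List the ways clear-text traffic is still accepted (empty list = none found)."""
    get = lambda key, default: attrs.get(key, default).lower()
    if get("nsslapd-port", "389") == "0":
        return []                     # plaintext listener disabled; StartTLS is gone too
    findings = []
    if get("nsslapd-security", "off") != "on":
        findings.append("TLS is off: neither StartTLS nor LDAPS is available")
    if get("nsslapd-require-secure-binds", "off") != "on":
        findings.append("simple binds are accepted in clear text")
    if get("nsslapd-allow-anonymous-access", "on") == "on":
        findings.append("anonymous searches are answered without TLS")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_DSE)):
        print("WARN:", finding)
```

An empty result for a server that still listens on port 389 corresponds to the first reply's case: binds must be secured and nothing is returned to unauthenticated clients.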