Hello, in past, I've created a simple plug-in for disabling authenticated binds over non-encrypted lines. But still allowing anonymous binds over LDAP. I did know about nsslapd-require-secure-binds but if recall correctly it is including SASL authenticated binds which I believe protects only user password and not transferred data. I published plug-in here: https://github.com/CESNET/389ds-plugin-ldapsonly but it is maybe obsoleted today. Today I think is TLS a must. Is it possible to disable 389 port at all? Or instruct 389 DS to bind port 389 on localhost? -- ----------------------- Jan Tomasek aka Semik http://www.tomasek.cz/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
