Hi Isabella,
Regards
Pierre
To complete Simon's answer:
An alternative of disabling non anonymous bind on insecure connection is to fully disable 389 port as explained in https://directory.fedoraproject.org/docs/389ds/howto/howto-listensslonly.html
So you can both use that trick and configure replication over ldaps.
But check that none of the client applications requires anonymous access over ldap (to get the schema or some attributes of the root entry).
Regards
Pierre
On Fri, Apr 1, 2022 at 10:19 PM Simon Pichugin <spichugi@xxxxxxxxxx> wrote:
Hi Isabella,I'm not sure if I fully understood what you want to achieve.But you can configure your replication agreements with secure 636 port connections. You can check examples here:Also, you can enable this setting to make sure that a user authenticates to the directory over a protected connection only:I hope that helps!Sincerely,Simon_______________________________________________On Fri, Apr 1, 2022 at 11:11 AM Ghiurea, Isabella <Isabella.Ghiurea@xxxxxxxxxxxxxx> wrote:_______________________________________________Hi
Please I need to know to know if we can block port 389 presently used for replication multimaster replication and replaced with port 636 will this work ?
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
389 Directory Server Development Team
389 Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
