Hello Thomas. You can disable the plain LDAP port by setting
nsslapd-port to 0 in dse.ldif. The errors log should say that the
non-secure port is disabled when you start up again. I don't think
there's a way to get the server to require successful start-TLS on the
plain port before accepting any other operations.
Thomas Cramer wrote:
I would like to require that *only* SSL/TLS connections be allowed to
my server. This is not to be confused with wanting SSL client
authentication. I had initially thought I could do this with ACI
using the authmethod="ssl", however after looking at the documentation
closely and experimentation this refers to do client based SSL
authentication as well. I do have SSL/TLS set up correctly, I just
want to disallow non-encrypted traffic.
In OpenLDAP I would merely state "security ssf=128" to require SSL/TLS
only connections.
Anyone know how to do this in FDS?
==
tc
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
