Graham Seaman wrote:
Hi,
I'm trying to set up Fedora DS to be accessible only with SSL. My DS
is on a standalone remote server, with most ports firewalled. If I
open ports 389 and 636, I can run ldapsearch ok using SSL (the access
log shows 'SSL connection.. using 256-bit AES') but I can also choose
not to use SSL and still make queries. If I close port 389, I can't
connect to the server with or without SSL - I just get
'ldap_start_tls: Can't contact LDAP server (-1)'. This is even if I
explicitly specify port 636, not just relying on the '-Z' flag for
ldapsearch.
Is it possible to close down non-SSL access? (I am not using the admin
server, so this needs to be through manual configuration)
No. There is no way to say "connections on port 389 must use
startTLS". You can set nsslapd-port to 0 in dse.ldif to shut off all
ldap traffic and rely solely on ldaps (636), but that will not work with
clients that expect startTLS.
Thanks for any advice
Graham
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
