Rich Megginson wrote:
Graham Seaman wrote:
Is it possible to close down non-SSL access? (I am not using the
admin server, so this needs to be through manual configuration)
No. There is no way to say "connections on port 389 must use
startTLS". You can set nsslapd-port to 0 in dse.ldif to shut off all
ldap traffic and rely solely on ldaps (636), but that will not work
with clients that expect startTLS.
I seem to be misunderstanding the general security model around ldap
directory connections. I read in the wikipedia article on ldap that use
of both ldaps and port 663 are deprecated. Are there any pages on the
Fedora DS wiki or elsewhere that describe good practice for safe
connections?
Graham
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
