Re: [389-users] 389-DS to work for only 636 port?

Ajeet S Raina wrote:
> I installed the fresh 389 -DS on my machine. I too ran setupssl2.sh 
> and configured https:// for Management Console.
> But if i try running:
>
> # netstat -pant | grep 389
> tcp        0      0 :::389                      :::*                        LISTEN      10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:55256    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.146:1777    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:44009    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.10:1192     ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.146:3651    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37322    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.210.53.152:2810   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.146:3650    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.47.22:43948    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.146:1778    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.34:2679     ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:51965    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37359    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.47.22:39271    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.21:3212     ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37377    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37379    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:44003    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.34:2681     ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.21:2926     ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37380    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37381    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:37365    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.37.91:44006    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.152:2806    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.120:1991    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.14.47.24:389      ::ffff:10.14.53.21:3034     ESTABLISHED 10756/ns-slapd
>
> [root@389-supplier ~]# netstat -pant | grep :636
> tcp        0      0 :::636                      :::*                        LISTEN      10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.120:1771   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.120:1770   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.209.37.146:3648   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.209.37.146:3649   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.34:2677    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.21:3202    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.34:2676    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.21:3203    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.152:2787   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.152:2802   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.21:2940    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.209.37.146:1774   ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.10:1205    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.21:2939    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.210.53.10:1204    ESTABLISHED 10756/ns-slapd
> tcp        0      0 ::ffff:10.209.47.24:636     ::ffff:10.209.37.146:1773   ESTABLISHED 10756/ns-slapd
>
>
> How can I make it work for only 636 port?
The easy way is to:
shut down the server
edit dse.ldif - change nsslapd-port: 0
start up the server

However, current versions of 389 give you a lot of flexibility in how to 
handle secure connections.  For example, you may want to allow the 
startTLS operation which starts an encrypted channel on port 389.  You 
can restrict connections to require startTLS or other encryption methods 
(e.g. SASL/GSSAPI with minssf > somevalue).

See http://directory.fedoraproject.org/wiki/Roadmap
Add require secure binds switch
Access based on the security strength of the connection
Ability to shut off anonymous access
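The dse.ldif edit above as a small shell routine, added here as an example and not taken from the thread or the 389 project: it sets nsslapd-port to 0 only after confirming the file already enables LDAPS (nsslapd-security on, nsslapd-secureport set), keeps a backup, and is meant to run while the instance is stopped. The sample dse.ldif, the instance path and the service commands in the trailing comment are assumptions for the demo.

```shell
# ldaps_ready FILE: true only if nsslapd-security is on and a secure port is set.
ldaps_ready() {
    grep -q '^nsslapd-security: on$' "$1" && grep -q '^nsslapd-secureport: [1-9][0-9]*$' "$1"
}

# port_value FILE: print the configured plaintext port (empty if absent).
port_value() {
    sed -n 's/^nsslapd-port: //p' "$1"
}

# disable_plain_port FILE
#   Rewrite nsslapd-port in dse.ldif to 0 so ns-slapd stops listening on 389.
#   Refuses if the file does not enable LDAPS: turning off the plaintext port
#   on an instance with no secure port would make it unreachable.
#   Run only while the instance is stopped; ns-slapd rewrites dse.ldif on
#   shutdown and would overwrite an edit made while it is running.
disable_plain_port() {
    f=$1
    if ! ldaps_ready "$f"; then
        echo "refusing to edit $f: LDAPS is not enabled" >&2
        return 1
    fi
    cp "$f" "$f.bak.$(date +%s)"                      # keep a rollback copy
    sed 's/^nsslapd-port: .*$/nsslapd-port: 0/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# make_sample FILE on|off: write a constructed, minimal cn=config entry.
# A real dse.ldif holds the whole cn=config tree; only these attributes matter here.
make_sample() {
    printf 'dn: cn=config\ncn: config\nnsslapd-port: 389\nnsslapd-secureport: 636\nnsslapd-security: %s\n' "$2" > "$1"
}

# On a real host (instance name and service commands are assumptions):
#   service dirsrv stop INSTANCE
#   disable_plain_port /etc/dirsrv/slapd-INSTANCE/dse.ldif
#   service dirsrv start INSTANCE
#   netstat -pant | grep ns-slapd     # expect only :::636 in LISTEN state
```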


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
