Re: [389-users] Allow only SSL-connections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You can set nsslapd-port to 0 in dse.ldif, so the server will not listen in the 389 port.

2010/8/9 Daniel Maher <dma+389users@xxxxxxxxx>
On 08/09/2010 04:37 PM, Jonathan Boulle wrote:

> 2) Block access at a socket level (e.g. iptables or otherwise) to the cleartext LDAP port; e.g. drop traffic to 389 and only allow traffic to 636

FWIW we use iptables to block access to the unencrypted port (save for a
handful of special cases).  It works well, is easy to understand and
maintain, and doesn't require mucking with the 389 application at all.
It's a clean solution, imho.

--
Daniel Maher <dma + 389users AT witbe DOT net>
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux