[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Require SSL transport?

To: Justin Hahn <jhahn@profitlogic.com>, "'openldap-software@Openldap.org'" <openldap-software@OpenLDAP.org>
Subject: Re: Require SSL transport?
From: Jens Vagelpohl <jens@digicool.com>
Date: Fri, 02 Feb 2001 11:33:50 -0500
In-reply-to: <419A3E73A18BD211A17000105A1C37E97202B7@mail.grossprofit.com>
User-agent: Microsoft-Entourage/9.0.2509

justin,

do a "man slapd" and look at the "-h" option.

starting your server with "slapd -h ldaps:///" should prevent it from
listening on anything other than port 636.

jens



On 2/2/01 10:56, "Justin Hahn" <jhahn@profitlogic.com> wrote:

> Over the past couple days I've beens setting up OpenLDAP as a substitute for
> NIS. To do
> this I want all communications done with the LDAP server to be over SSL
> exclusively. But
> I can't seem to figure out how to get openldap to ignore requests that
> aren't over SSL.
> (i.e. ldapsearch -ZZ -x '(objectclass=*)' gives me exactly what I expect,
> but take away -ZZ and I get the same results back. Which isn't what I want.)
> 
> Is there any ACL I can use to grant no access if SSL isn't being used? A
> config
> option? A commandline option to slapd?
> 
> Thanks!

Follow-Ups:
- Re: Require SSL transport?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Require SSL transport?
  - From: Adam Shand <larry@spack.org>

References:
- Require SSL transport?
  - From: Justin Hahn <jhahn@profitlogic.com>

Prev by Date: optimizing backend/thread?
Next by Date: Re: slapd 2.0.7 and solaris 8
Index(es):
- Chronological
- Thread