Hello...
When running slapd with ldap:/// and ldaps:///, I understand that it
is listening on ports 389 and 636. If my clients have /etc/ldap.conf
with an entry of 'ssl start_tls', I assume that means that my session
is encrypted (i.e. all data passed back and forth from client -> server
is munged).
This being the case, I'm sure it is extremely critical to only allow
connections to slapd from trusted hosts, using TCP wrappers - correct?
If not, anybody can talk to my 389 port and therefore sniff.
I have tested with just ldaps:///, and it works, but I fear I can't
use slurpd/replication unless I use 389 - is that right?