Re: reject_external_nonTLS_binds
On Fri, Jun 06, 2003 at 01:15:58AM -0700, Howard Chu wrote:
> This would probably be frowned on since it uses non-standard mechanisms, but
> I'd do something like this - First only enable cleartext connections on
> localhost, and then only enable ldaps from anywhere else:
>
>     slapd -h "ldap://localhost/ ldaps:///"
>
> Note that using ldaps precludes the use of
> StartTLS, so the "-Z" client options must be omitted.
FWIW I second that. I like the idea of testing both in clear text
and encrypting externally. Mind you, this is not my speciality. But
it is a very_reasonable way of operating. (Even if not std compliant.)
Best Regards,
dreamwvr@dreamwvr.com
--
/* Security is a work in progress - dreamwvr */
# 48 69 65 72 6F 70 68 61 6E 74 32
# Note: To begin Journey type man afterboot,man help,man hier[.]
# 66 6F 72 20 48 69 72 65 0000 0001
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
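
A check for the listener layout suggested in the quoted message, as an added example that is not part of the original thread: it reads socket listings and reports any cleartext LDAP listener that is reachable from outside loopback. It assumes a Linux host with iproute2 `ss`, the default ports (389 for ldap, 636 for ldaps), and a hypothetical function name; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag cleartext LDAP (port 389) listeners bound outside loopback.
# Input on stdin: lines in the format printed by `ss -Hltn`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
# On a live host: ss -Hltn | cleartext_ldap_exposed

cleartext_ldap_exposed() {   # hypothetical helper name
    awk '
    {
        local_addr = $4                  # e.g. 127.0.0.1:389, [::1]:389, *:389
        n = split(local_addr, parts, ":")
        port = parts[n]
        if (port != "389") next          # ldaps (636) is meant to be reachable
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/^\[/, "", host)             # strip IPv6 brackets
        sub(/\]$/, "", host)
        sub(/%.*$/, "", host)            # strip an interface scope such as %lo
        if (host ~ /^127\./ || host == "::1") next
        print local_addr                 # wildcard or routable address: exposed
    }'
}

# Constructed sample: what slapd -h "ldap://localhost/ ldaps:///" should produce.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:389 0.0.0.0:*
LISTEN 0 128 [::1]:389 [::]:*
LISTEN 0 128 0.0.0.0:636 0.0.0.0:*
LISTEN 0 128 [::]:636 [::]:*'

# Constructed sample: slapd started with a wildcard ldap:/// listener instead.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:389 0.0.0.0:*
LISTEN 0 128 [::]:389 [::]:*
LISTEN 0 128 0.0.0.0:636 0.0.0.0:*'

echo "intended layout, exposed cleartext listeners:"
printf '%s\n' "$SAMPLE_OK" | cleartext_ldap_exposed
echo "wildcard layout, exposed cleartext listeners:"
printf '%s\n' "$SAMPLE_EXPOSED" | cleartext_ldap_exposed
```

Which addresses `ldap://localhost/` binds depends on how `localhost` resolves on the host, so the check accepts both 127.0.0.0/8 and `::1`.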