
Re: Require use of SSL..



Mon, 08.03.2004 at 07:01, adp wrote:

> I have been studying 'require' for slapd, but it doesn't appear to do what I
> want. Hopefully someone can help here. I want to force all connections to be
> over SSL. Is there an easy way to do this? I know that OpenLDAP supports
> both ldaps (just ldap over SSL on port 636 from what I can see) and StartTLS
> (port 389). What I can't see is how to enforce the use of StartTLS.

'man slapd.conf' -> security -> tls=1. Not very clear in the man;
nevertheless, it works - for 2.1.25 and 2.2.x

>  Also, is
> there any reason why this would be a bad idea? We are using LDAP mostly to
> auth user logins (not yet actually).

Certain clients - e.g. Courier maildrop 1.6.3 - can't cope with TLS/SSL
at all, and won't in the near future.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
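
Added example, not part of the original post: before turning on `security tls=1`, an audit of the slapd log shows which clients still send simple binds without TLS and would be locked out. It assumes slapd "stats"-level log lines in the ACCEPT / TLS established / BIND form shown; the sample log and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of slapd "stats" logging; not real traffic.
SAMPLE_LOG = """\
conn=1001 fd=14 ACCEPT from IP=192.0.2.10:43210 (IP=0.0.0.0:389)
conn=1001 op=0 STARTTLS
conn=1001 fd=14 TLS established tls_ssf=256 ssf=256
conn=1001 op=1 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1002 fd=15 ACCEPT from IP=192.0.2.20:51000 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="uid=maildrop,ou=services,dc=example,dc=com" method=128
conn=1003 fd=16 ACCEPT from IP=192.0.2.30:40100 (IP=0.0.0.0:636)
conn=1003 fd=16 TLS established tls_ssf=256 ssf=256
conn=1003 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1004 fd=17 ACCEPT from IP=192.0.2.20:51002 (IP=0.0.0.0:389)
conn=1004 op=0 BIND dn="" method=128
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ')
TLS_UP = re.compile(r'conn=(\d+) fd=\d+ TLS established')
# method=128 is an LDAP simple bind (DN plus password).
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=128')


def cleartext_simple_binds(log_text):
    """Map client IP -> sorted DNs that sent a simple bind with no TLS layer."""
    peer = {}             # conn id -> client IP
    tls = set()           # conn ids with TLS established (ldaps or StartTLS)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peer[m.group(1)] = m.group(2)
            tls.discard(m.group(1))  # conn ids restart when slapd restarts
        elif m := TLS_UP.search(line):
            tls.add(m.group(1))
        elif m := BIND.search(line):
            conn, dn = m.groups()
            # Anonymous binds (empty DN) carry no password, so skip them.
            if dn and conn not in tls:
                findings[peer.get(conn, "unknown")].add(dn)
    return {ip: sorted(dns) for ip, dns in findings.items()}


if __name__ == "__main__":
    for ip, dns in cleartext_simple_binds(SAMPLE_LOG).items():
        print(ip, dns)
```

Once `security tls=1` is active the server refuses these binds, but a client that binds before negotiating TLS has already put its password on the wire, so the listed clients need fixing rather than just blocking.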