[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Force StartTLS on port 389

To: Fabio Spelta <spelta@linux.it>, openldap-software@OpenLDAP.org
Subject: Re: Force StartTLS on port 389
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 17 Nov 2004 09:49:37 -0800
Content-disposition: inline
In-reply-to: <419B88BE.7020806@linux.it>
References: <419B88BE.7020806@linux.it>

--On Wednesday, November 17, 2004 6:22 PM +0100 Fabio Spelta <spelta@linux.it> wrote:

Hello list.
I'm wondering if it's possible to configure slapd forcing it to listen
only to the 389 port (that should be easy, by running ithe daemon with
the adequate -h option) *and* accepting *only* TLS cyphered traffic, both
for authentication and for all the queries and their result. I searched
both the list archives and the FAQ-O-Matiq without founding the answer.

Thank you very much - this list supplies very well to the lack of
documentation about the topic.


man slapd.access

Read about "ssf" settings in ACL's. This allows you to enforce sessions to have an adequate security factor before you'll do anything with them.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Force StartTLS on port 389
  - From: Fabio Spelta <spelta@linux.it>

Prev by Date: Re: Active Directory port ? to be contacted by slurpd
Next by Date: Group/membership storage methods and traversal
Index(es):
- Chronological
- Thread