Re: How to only accept TLS connection on port 389
Hi
On 1/22/07, S Kalyanasundaram <skalyanasundaram@novell.com> wrote:
> So the port is independent of the connection type?
The only reason I asked this question was because I haven't found a
way to force a TLS connection over 389, without also allowing
non-encrypted connections.
I found here:
http://www.openldap.org/doc/admin23/security.html
That I could use the option:
disallow bind_simple_unprotected
However, this option seems to be invalid and gives me the error:
/usr/local/etc/openldap/slapd.conf: line 31: <disallow> unknown
feature bind_simple_unprotected
So either I'm not typing it correctly, or the documentation is incorrect.
In the meantime, security ssf=56 and update_ssf=56 seem to do the
trick. I can only authenticate with the ldap server if encryption is
used...
Finding the right documentation is rather a challenge :(
> The clear text authentication as well as secured connection can be made on both the ports (389, 636)?
> Then what for the port is being used?
That would be 636. Which would then only allow an SSL connection or a Start
TLS one, never a clear text one.
> I assumed 389 is clear text and 636 is encrypted (ssl/tls) one.
> Can you please make sure this..
Yes, I'm sure :)
Thank you all for your help
Regards
Jean-Yves
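
An added example, not part of the original message: a small Python audit of slapd.conf text that reports whether the global `security` directive enforces the SSF floor mentioned above (ssf=56, update_ssf=56). The sample configs are constructed, the function names and the `floor` parameter are this example's own, and only `security` lines before the first `database` section are considered.

```python
# Added example: audit slapd.conf text for the SSF floor it enforces (constructed samples).
WEAK = """\
# no security directive: cleartext simple binds on 389 are accepted
database bdb
"""
HARDENED = """\
security ssf=56
    update_ssf=56
database bdb
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments.
    Per slapd.conf(5) a continuation of a comment is still a comment."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return [line for line in out if not line.startswith("#")]

def security_factors(text):
    """Collect factors from global `security` lines (before any database)."""
    factors = {}
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key in ("backend", "database"):
            break
        if key == "security":
            for word in words[1:]:
                name, _, value = word.partition("=")
                if value.isdigit():
                    factors[name.lower()] = int(value)
    return factors

def audit(text, floor=56):
    """floor=56 is the value used in the thread; it is a parameter here."""
    f = security_factors(text)
    ssf = f.get("ssf", 0)
    return {"simple_bind_protected": max(ssf, f.get("simple_bind", 0)) >= floor,
            "updates_protected": max(ssf, f.get("update_ssf", 0)) >= floor}

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf))
```

A server-side SSF floor makes slapd refuse the operation, but a client that sends a simple bind without StartTLS has already put the password on the wire. Clients should be configured to require StartTLS as well.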