Sir/Madam: I successfully set up TLS on both the OpenLDAP server and client through port 389 on Ubuntu. I didn't use SSL through port 636. However, I found that non-encrypted/clear-text connections can be made through port 389 to the OpenLDAP server as well. How can I enforce TLS connections only and reject any non-encrypted connections? Should I use olcAccess or olcSecurity, or both? I couldn't find any detailed steps/documentation.
olcSecurity would enforce encryption for any and all connections. Note that you have to restart slapd for it to take effect.
--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
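The olcSecurity change the reply points to, written out as an added example that is not part of the original thread. The database DN, the file name require-tls.ldif, the host ldap.example.com and the suffix dc=example,dc=com are placeholders, and putting the value on the data database instead of cn=config is a choice made for this example to scope the restriction to directory data.

```ldif
# Added example (constructed), not from the original thread.
#
# Assumption: the directory data lives in olcDatabase={1}mdb,cn=config.
# List the configured databases first and adjust the DN below:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn
#
# Before: the entry has no olcSecurity value, so slapd serves this
# database on port 389 whether or not the client issued StartTLS.
#
# After: every operation against this database must arrive over a TLS
# layer with a security strength factor of at least 1.
# If the entry already carries an olcSecurity value, use "replace:"
# instead of "add:".
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1

# Apply as root over the local socket:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f require-tls.ldif
# then restart slapd, as the reply notes.
#
# Check from a client that the clear-text path is closed.
# Without StartTLS the search should be refused with LDAP result 13
# (confidentiality required):
#   ldapsearch -x -H ldap://ldap.example.com -b dc=example,dc=com -s base
# With StartTLS forced (-ZZ fails if TLS cannot be negotiated) the same
# search should be served:
#   ldapsearch -x -ZZ -H ldap://ldap.example.com -b dc=example,dc=com -s base
```

Clients that bind without StartTLS still send their password on the wire before slapd refuses the operation, so client configurations should be switched to StartTLS before or together with this change.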