<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
you could set minssf: <br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections</a><br>
<br>
<div class="moz-cite-prefix">On 11/18/2015 07:24 AM, Prashant Bapat
wrote:<br>
</div>
<blockquote
cite="mid:CAN9aUrg8+F_Z1MzdxKjd+3m-EmVxuuMXg5SWjLbRxwi9GJf1ug@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">Hi, </div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">We have a pair of freeipa servers (4.1.4) and a
bunch of Linux clients configured to talk to them thru
pam-nss-ldapd (no sssd). I want to ensure that these clients
only talk to freeipa's LDAP server either via ldaps or
ldap+starttls. Plain ldap should not be allowed. </div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">I can always switch to ldaps only and close the
tcp/389 port on the firewall. But is there a way to achieve
this using tcp/389 port.?</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">Any suggestions appreciated. </div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">Thanks.</div>
<div class="gmail_default" style="font-family:trebuchet
ms,sans-serif">--Prashant</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>