<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    you could set minssf: <br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections</a><br>
    <br>
    <div class="moz-cite-prefix">On 11/18/2015 07:24 AM, Prashant Bapat
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAN9aUrg8+F_Z1MzdxKjd+3m-EmVxuuMXg5SWjLbRxwi9GJf1ug@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">Hi, </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">We have a pair of freeipa servers (4.1.4) and a
          bunch of Linux clients configured to talk to them thru
          pam-nss-ldapd (no sssd). I want to ensure that these clients
          only talk to freeipa's LDAP server either via ldaps or
          ldap+starttls. Plain ldap should not be allowed. </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">I can always switch to ldaps only and close the
          tcp/389 port on the firewall. But is there a way to achieve
          this using tcp/389 port.?</div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">Any suggestions appreciated. </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">Thanks.</div>
        <div class="gmail_default" style="font-family:trebuchet
          ms,sans-serif">--Prashant</div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    <br>
  </body>
</html>