[Fedora-directory-users] enforcing ssl

Graham Seaman G.Seaman at lse.ac.uk
Wed Nov 5 16:15:34 UTC 2008


Hi,

I'm trying to set up Fedora DS to be accessible only with SSL.  My DS is 
on a standalone remote server, with most ports firewalled. If I open 
ports 389 and 636, I can run ldapsearch ok using SSL (the access log 
shows 'SSL connection.. using 256-bit AES') but I can also choose not to 
use SSL and still make queries. If I close port 389, I can't connect to 
the server with or without SSL - I just get 'ldap_start_tls: Can't 
contact LDAP server (-1)'. This is even if I explicitly specify port 
636, not just relying on the '-Z' flag for ldapsearch.

Is it possible to close down non-SSL access? (I am not using the admin 
server, so this needs to be through manual configuration)

Thanks for any advice

Graham



