[Fedora-directory-users] enforcing ssl
Graham Seaman
G.Seaman at lse.ac.uk
Thu Nov 6 10:25:59 UTC 2008
Rich Megginson wrote:
> Graham Seaman wrote:
>> Is it possible to close down non-SSL access? (I am not using the
>> admin server, so this needs to be through manual configuration)
> No. There is no way to say "connections on port 389 must use
> startTLS". You can set nsslapd-port to 0 in dse.ldif to shut off all
> ldap traffic and rely solely on ldaps (636), but that will not work
> with clients that expect startTLS.
I seem to be misunderstanding the general security model around LDAP
directory connections. I read in the Wikipedia article on LDAP that use
of both ldaps and port 663 are deprecated. Are there any pages on the
Fedora DS wiki or elsewhere that describe good practice for safe
connections?
Graham
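
Added example (not part of the original thread, and not Fedora DS project code): a small audit of the cn=config entry in dse.ldif that reports whether the plaintext listener discussed above is still open. nsslapd-port comes from the thread; the nsslapd-security and nsslapd-securePort attribute names, the default port of 389 when the attribute is absent, and the sample LDIF are assumptions or constructed values.

```python
# Constructed sample of a dse.ldif fragment (not taken from a real server).
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-security: on
nsslapd-securePort: 636
nsslapd-rootdn: cn=Directory
  Manager

dn: cn=encryption,cn=config
cn: encryption
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def config_entry(text):
    """Return the attributes of the cn=config entry, names lower-cased."""
    attrs, in_config = {}, False
    for line in unfold(text):
        if not line.strip():          # a blank line ends the current entry
            in_config = False
            continue
        if line.startswith("#"):      # LDIF comment
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            in_config = value.lower() == "cn=config"
        elif in_config:
            attrs.setdefault(name, value)
    return attrs

def audit(text):
    """List listener settings that leave unencrypted LDAP reachable."""
    cfg, findings = config_entry(text), []
    port = cfg.get("nsslapd-port", "389")   # assumed default when unset
    if port != "0":
        findings.append(f"plaintext listener on port {port}: startTLS is optional for clients")
    if cfg.get("nsslapd-security", "off").lower() != "on":
        findings.append("nsslapd-security is not on: no TLS listener is available")
    elif "nsslapd-secureport" not in cfg:
        findings.append("nsslapd-securePort is not set: confirm the ldaps port in use")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DSE)) or "no plaintext LDAP listener configured")
```

An empty result means only the ldaps listener is configured, which, as noted in the quoted reply, also locks out clients that expect startTLS on port 389.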