[Freeipa-users] forcing ldaps and https
Alexander Bokovoy
abokovoy at redhat.com
Fri Sep 4 13:27:14 UTC 2015
On Fri, 04 Sep 2015, Danilo Aghemo wrote:
>Hi all,
>how can I force ipa-client to prefer LDAPS and HTTPS over LDAP and HTTP?
>I've google before, but with no results.
>
>I know that the server discovery is based upon SRV records in the DNS and
>these points to 389, not 636. I don't know nor how to change from 389 to
>636, nor is this would automatically enable LDAPS on port 636. Then, I have
>to get rid of HTTP and use HTTPS only.
LDAPS is deprecated in favor of StartTLS and not recommended. The client
actually uses STARTTLS on port 389, not a plain LDAP.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list