<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Exactly what I was looking for! Thank you!!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 18 November 2015 at 13:26, Ludwig Krispenz <span dir="ltr"><<a href="mailto:lkrispen@redhat.com" target="_blank">lkrispen@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    you could set minssf: <br>
<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections</a><div><div class="h5"><br>
    <br>
    <div>On 11/18/2015 07:24 AM, Prashant Bapat
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Hi, </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">We have a pair of freeipa servers (4.1.4) and a
          bunch of Linux clients configured to talk to them thru
          pam-nss-ldapd (no sssd). I want to ensure that these clients
          only talk to freeipa's LDAP server either via ldaps or
          ldap+starttls. Plain ldap should not be allowed. </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">I can always switch to ldaps only and close the
          tcp/389 port on the firewall. But is there a way to achieve
          this using tcp/389 port.?</div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Any suggestions appreciated. </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br>
        </div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thanks.</div>
        <div class="gmail_default" style="font-family:trebuchet ms,sans-serif">--Prashant</div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
    </blockquote>
    <br>
  </div></div></div>

<br>--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div>