[389-users] Allow only SSL-connections
Daniel Maher
dma+389users at witbe.net
Mon Aug 9 16:07:04 UTC 2010
On 08/09/2010 04:37 PM, Jonathan Boulle wrote:
> 2) Block access at a socket level (e.g. iptables or otherwise) to the cleartext LDAP port; e.g. drop traffic to 389 and only allow traffic to 636
FWIW we use iptables to block access to the unencrypted port (save for a
handful of special cases). It works well, is easy to understand and
maintain, and doesn't require mucking with the 389 application at all.
It's a clean solution, imho.
--
Daniel Maher <dma + 389users AT witbe DOT net>
More information about the 389-users
mailing list