<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Thank you!<div><br></div><div>David</div><div><br><div><div>On Sep 2, 2014, at 18:10, Rich Megginson <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div class="moz-cite-prefix">On 09/02/2014 06:56 PM, David Barr wrote:<br></div><blockquote cite="mid:0F0C16F8-AEC2-4228-9916-A20C0FDB7660@dafydd.com" type="cite"><pre wrap="">Good Morning!
I’m having a bad time finding documentation on how I would set up my 389-ds to only listen to localhost:389, and require all other connections to happen on port 636. The server is headless, so using the console is less than optimum.
Has anything like that been written?
</pre></blockquote><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_listenhost_Listen_to_IP_Address">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_listenhost_Listen_to_IP_Address</a><br><br><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_securelistenhost">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_securelistenhost</a><br><br>You might also be interested in using ldapi + autobind instead of localhost<br><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-ldapilisten">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-ldapilisten</a><br><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-ldapiautobind">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-ldapiautobind</a><br><br>use starttls instead of ldaps, and use nsslapd-minssf to require secure connections<br><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-minssf">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#nsslapd-minssf</a><br><br><blockquote cite="mid:0F0C16F8-AEC2-4228-9916-A20C0FDB7660@dafydd.com" type="cite"><pre wrap="">Thanks!
David
--
David - Offbeat <a class="moz-txt-link-freetext" href="http://dafydd.livejournal.com/">http://dafydd.livejournal.com</a>
dafydd - Online <a class="moz-txt-link-freetext" href="http://pgp.mit.edu/">http://pgp.mit.edu/</a>
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Dr. Viktor Frankenstein enters into a body building competition
only to find he has seriously misunderstood the objective.
</pre><br><fieldset class="mimeAttachmentHeader"></fieldset><br><pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre></blockquote><br>--<br>389 users mailing list<br><a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div></blockquote></div><br><div apple-content-edited="true">
--<br><br>David - Offbeat<span class="Apple-tab-span" style="white-space: pre;"> </span><a href="http://dafydd.livejournal.com">http://dafydd.livejournal.com</a><br>dafydd - Online<span class="Apple-tab-span" style="white-space: pre;"> </span>http://pgp.mit.edu/<br>Battalion 4 - Black Rock City Emergency Services Department<br><span class="Apple-tab-span" style="white-space: pre;"> </span>Integrity*Commitment*Communication*Support<br><br>----5----1----5----2----5----3----5----4----5----5----5----6----5----7--<br><br>Dr. Viktor Frankenstein enters into a body building competition<div>only to find he has seriously misunderstood the objective.</div><div><br><br></div>
</div>
<br></div></body></html>