I'm going to explain it better.
I don't' want a user enter his credential in an unsecured channel.
First I thought to close 389 and allow only 636, but ldaps is now
deprecated and so I need to allow also 389, but if the user do simple
bind before STARTTLS then credentials will be exposed.
I want something like Sendmail does: no clear text auth is allowed
unless the connection is SSL or STARTTLS based.
I hope it is clear now.
Thank you so much.
Dael.
Diaa Radwan, on 15/06/2008 12.38, wrote:
You can write aci to restrict the authentication method (ssl).
Hope this document would help
https://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Con...
On Sun, Jun 15, 2008 at 1:23 PM, Dael Maselli <Dael.Maselli(a)lnf.infn.it> wrote:
> Hi all,
>
> is there any method to deny simple bind operation unless in a secure
> channel (SSL or STARTTLS)? Do I have to write a plug-in? Hints?
>
> Thank you.
>
> Dael Maselli.
>
>
> --
> ___________________________________________________________________
>
> Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214
> ___________________________________________________________________
>
> Democracy is two wolves and a lamb voting on what to have for lunch
> ___________________________________________________________________
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
--
Diaa Radwan
http://www.fossology.net
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
___________________________________________________________________
Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214
___________________________________________________________________
Democracy is two wolves and a lamb voting on what to have for lunch
___________________________________________________________________