We couldn't find a "straightforward" option for this (if someone wiser knows
one please enlighten me!), so as far as we worked out there are two means of achieving
this:
1) Combination of two config options: nsslapd-allow-anonymous-access: off +
nsslapd-require-secure-binds: on
First means that users must bind to the directory before doing anything
Second means that users can only bind when a session is encrypted with TLS
As mentioned here -
http://lists.fedoraproject.org/pipermail/389-users/2010-January/010761.html - and
elsewhere in the docs
2) Block access at a socket level (e.g. iptables or otherwise) to the cleartext LDAP port;
e.g. drop traffic to 389 and only allow traffic to 636
-----Original Message-----
From: 389-users-bounces(a)lists.fedoraproject.org
[mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Antony
Sent: Monday, August 09, 2010 3:29 PM
To: 389-users(a)lists.fedoraproject.org
Subject: [389-users] Allow only SSL-connections
Hi all.
I'd like to make 389 Port DS allow only secure(SSL/TLS) connections and to disable
listening for non-SSL connections.
Is it possible? If so, how would I do that?
Thanks in advance!
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________