On 11/27/18 10:14 AM, Peter Tselios via FreeIPA-users wrote:
My understanding is that FreeIPA is configured to accept connections on port 389 and the
StartTLS is configured.
I managed to connect to the IPA server by using ldapsearch -x and without -ZZ so, I
suppose the TLS is not enforced.
Is there any option force TLS connections only? Obviously, I would prefer something that
can be replicated and not to manually edit the configuration files, but I can live with
On the DS side you can set "nsslapd-require-secure-binds" to "on"
cn=config. Attributes under cn=config do not replicate so this would
have to be done manually to all your instances:
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: