[389-users] Allow only SSL-connections
Rich Megginson
rmeggins at redhat.com
Mon Aug 9 14:45:38 UTC 2010
Jonathan Boulle wrote:
> We couldn't find a "straightforward" option for this (if someone wiser knows one please enlighten me!), so as far as we worked out there are two means of achieving this:
>
> 1) Combination of two config options: nsslapd-allow-anonymous-access: off + nsslapd-require-secure-binds: on
> First means that users must bind to the directory before doing anything
> Second means that users can only bind when a session is encrypted with TLS
> As mentioned here - http://lists.fedoraproject.org/pipermail/389-users/2010-January/010761.html - and elsewhere in the docs
>
> 2) Block access at a socket level (e.g. iptables or otherwise) to the cleartext LDAP port; e.g. drop traffic to 389 and only allow traffic to 636
>
See http://directory.fedoraproject.org/wiki/SSF_Restrictions
> -----Original Message-----
> From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Antony
> Sent: Monday, August 09, 2010 3:29 PM
> To: 389-users at lists.fedoraproject.org
> Subject: [389-users] Allow only SSL-connections
>
> Hi all.
>
> I'd like to make 389 Port DS allow only secure(SSL/TLS) connections and to disable listening for non-SSL connections.
> Is it possible? If so, how would I do that?
>
> Thanks in advance!
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list