[389-users] Allow only SSL-connections
Juan Asensio Sánchez
okelet at gmail.com
Thu Aug 12 13:06:59 UTC 2010
You can set nsslapd-port to 0 in dse.ldif, so the server will not listen in
the 389 port.
2010/8/9 Daniel Maher <dma+389users at witbe.net <dma%2B389users at witbe.net>>
> On 08/09/2010 04:37 PM, Jonathan Boulle wrote:
>
> > 2) Block access at a socket level (e.g. iptables or otherwise) to the
> cleartext LDAP port; e.g. drop traffic to 389 and only allow traffic to 636
>
> FWIW we use iptables to block access to the unencrypted port (save for a
> handful of special cases). It works well, is easy to understand and
> maintain, and doesn't require mucking with the 389 application at all.
> It's a clean solution, imho.
>
> --
> Daniel Maher <dma + 389users AT witbe DOT net>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100812/0dd37245/attachment.html>
More information about the 389-users
mailing list