require StartTLS

2012-02-26 Thread Daniel Pocock
Is there some way to ensure that a client who connects on port 389 can do nothing without StartTLS? Or is it necessary to just disable port 389 and only listen for ldaps:/// ?

Re: require StartTLS

2012-02-26 Thread Daniel Pocock
On 26/02/12 12:15, Dieter Klünter wrote: On Sun, 26 Feb 2012 11:49:14 +0100 Daniel Pocock dan...@pocock.com.au wrote: Is there some way to ensure that a client who connects on port 389 can do nothing without StartTLS? Or is it necessary to just disable port 389 and only listen for

Re: require StartTLS

2012-02-26 Thread Nick Milas
On 26/2/2012 1:39 PM, Daniel Pocock wrote: I've looked at the TLS options and I have TLS running fine already. I notice the TLSCipherSuite option sets the cipher level within TLS, but it doesn't appear to guarantee that TLS is used. I am not an expert on it, but I have found this solution:

Re: require StartTLS

2012-02-26 Thread Josh Miller
Look at the options for setting ssf (Security Strength Factors): http://www.openldap.org/doc/admin24/access-control.html#Granting%20and%20Denying%20access%20based%20on%20security%20strength%20factors%20(ssf) I typically set up a global minssf of 256 to ensure maximum security, when possible via

Re: require StartTLS

2012-02-26 Thread Dieter Klünter
On Sun, 26 Feb 2012 12:39:26 +0100 Daniel Pocock dan...@pocock.com.au wrote: On 26/02/12 12:15, Dieter Klünter wrote: On Sun, 26 Feb 2012 11:49:14 +0100 Daniel Pocock dan...@pocock.com.au wrote: Is there some way to ensure that a client who connects on port 389 can do

Re: require StartTLS

2012-02-26 Thread Markus Wernig
If you want to disable simple bind (password) etc. without encryption, you might go along the lines: security ssf=1 update_ssf=112 simple_bind=112 in slapd.conf On Sun, 26 Feb 2012 11:49:14 +0100 Daniel Pocock dan...@pocock.com.au wrote: Is there some way to ensure that a client who
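To make the effect of a slapd security directive like the one above concrete, here is an added Python model (not code from this thread or from OpenLDAP) of how slapd applies ssf, update_ssf and simple_bind minimums to operations on a connection. It assumes, following slapd's documented behaviour, that the overall ssf is the strongest of the transport, TLS and SASL layers, that a plain port 389 connection has ssf 0, that ldapi:/// gets the default localSSF of 71, and that the StartTLS request itself is exempt so a client can still upgrade.

```python
from dataclasses import dataclass

# Operations slapd lets through regardless of the security directive; if
# StartTLS were blocked, a plaintext client could never upgrade (assumption
# based on slapd behaviour).
EXEMPT_OPS = {"starttls", "unbind"}
UPDATE_OPS = {"add", "modify", "delete", "modrdn"}


def parse_security(directive: str) -> dict:
    """Parse the value of a slapd.conf 'security' directive, e.g.
    'ssf=1 update_ssf=112 simple_bind=112', into {factor: minimum}."""
    policy = {}
    for token in directive.split():
        key, _, value = token.partition("=")
        if not value.isdigit():
            raise ValueError(f"bad security factor: {token!r}")
        policy[key] = int(value)
    return policy


def connection_ssf(transport_ssf: int = 0, tls_ssf: int = 0, sasl_ssf: int = 0) -> int:
    """Overall strength: the strongest protecting layer wins (assumption)."""
    return max(transport_ssf, tls_ssf, sasl_ssf)


def check_operation(policy: dict, conn_ssf: int, op: str) -> tuple:
    """Return (allowed, reason) for an operation on a connection with the
    given overall ssf. The general 'ssf' floor applies to every checked op;
    simple binds and updates may require more."""
    if op in EXEMPT_OPS:
        return True, f"{op} is exempt from ssf checks"
    need = policy.get("ssf", 0)
    if op == "bind_simple":
        need = max(need, policy.get("simple_bind", 0))
    elif op in UPDATE_OPS:
        need = max(need, policy.get("update_ssf", 0))
    if conn_ssf < need:
        return False, f"{op}: confidentiality required (ssf {conn_ssf} < {need})"
    return True, f"{op} allowed at ssf {conn_ssf}"


if __name__ == "__main__":
    # Constructed scenarios: plaintext 389, 389 after StartTLS with an
    # AES-128 cipher (ssf 128), and a local ldapi:/// socket (localSSF 71).
    policy = parse_security("ssf=1 update_ssf=112 simple_bind=112")
    for label, ssf in (("plain 389", 0), ("StartTLS AES-128", connection_ssf(tls_ssf=128)),
                       ("ldapi", connection_ssf(transport_ssf=71))):
        for op in ("starttls", "bind_simple", "search", "modify"):
            print(label, *check_operation(policy, ssf, op))
```

With this policy a plaintext client can issue StartTLS but nothing else, and an ldapi client can search but neither bind with a password nor modify until a stronger layer is in place.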

Re: require StartTLS

2012-02-26 Thread Howard Chu
Dieter Klünter wrote: On Sun, 26 Feb 2012 12:39:26 +0100 Daniel Pocock dan...@pocock.com.au wrote: On 26/02/12 12:15, Dieter Klünter wrote: On Sun, 26 Feb 2012 11:49:14 +0100 Daniel Pocock dan...@pocock.com.au wrote: Is there some way to ensure that a client who connects on port 389