On 11/27/18 10:14 AM, Peter Tselios via FreeIPA-users wrote:
Hello,
My understanding is that FreeIPA is configured to accept connections on port
389 and the StartTLS is configured.
I managed to connect to the IPA server by using ldapsearch -x and without -ZZ
so, I suppose the TLS is not enforced.
Is there any option force TLS connections only? Obviously, I would prefer
something that can be replicated and not to manually edit the configuration
files, but I can live with that :)
On the DS side you can set "nsslapd-require-secure-binds" to "on" under
cn=config. Attributes under cn=config do not replicate so this would
have to be done manually to all your instances:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/configuring-special-binds#requiring-secure-binds
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org