[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-04 Thread Mark Reynolds via FreeIPA-users
On 8/3/21 6:34 AM, Sam Morris via FreeIPA-users wrote:
>> But is it possible to completely disable port 389 if we don't want any client to ever try non-SSL connections?
> That will block communication between IPA servers, and from clients to servers.

Just for completeness, setting nsslapd-port to

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Sam Morris via FreeIPA-users
> But is it possible to completely disable port 389 if we don't want
> any client to ever try non-SSL connections?

That will block communication between IPA servers, and from clients to servers.

--
Sam Morris PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9s

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Dominik Vogt via FreeIPA-users
On Tue, Aug 03, 2021 at 09:22:19AM -, Sam Morris via FreeIPA-users wrote:
> You can set this option:
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/setting_a_minimum_strength_factor
>
> But it breaks one or two things that may or may not be

[Freeipa-users] Re: Allowing LDAP only via SSL?

2021-08-03 Thread Sam Morris via FreeIPA-users
> As far as I understand, the vanilla installation of the freeipa
> server allows clients to communicate with the LDAP server with or
> without SSL. We need to configure both, clients to always use
> SSL, and the server to reject non-SSL communication attempts.
> Where can I find the relevant doc