Hello
On 1/22/07, Kurt D. Zeilenga Kurt@openldap.org wrote:
> connecting. If you want to restrict clients to using just the former or the latter, eliminate one or the other listener.
I guess I didn't explain properly in the first place: if I open port 389, even though I accept TLS, I cannot force the client to use an encrypted connection, which is what I want to achieve. The aim is to prevent any non-encrypted connection to OpenLDAP. And I can't just use port 636 (ldaps), as I have a few clients that only work with a StartTLS operation.
Is this possible?
> ldap:// on port 389 and use of Start TLS operation to initiate TLS (SSL) is the standard way of securing LDAP with TLS.
Yes, you are 100% correct, I just want to enforce it.

Jean-Yves