Hi
On 1/22/07, S Kalyanasundaram skalyanasundaram@novell.com wrote:
So the port is independent of the connection type?
The only reason I asked this question was because I haven't found a way to force a TLS connection over 389 without also allowing non-encrypted connections.
I found here: http://www.openldap.org/doc/admin23/security.html
that I could use the option: disallow bind_simple_unprotected
However, this option seems to be invalid and gives me the error: /usr/local/etc/openldap/slapd.conf: line 31: <disallow> unknown feature bind_simple_unprotected
So either I'm not typing it correctly, or the documentation is incorrect.
In the meantime, security ssf=56 and update_ssf=56 seem to do the trick. I can only authenticate with the LDAP server if encryption is used... Finding the right documentation is rather a challenge :(
Clear text authentication as well as secured connections can be made on both ports (389, 636)? Then what is the port being used for?
That would be 636, which would then only allow an SSL connection or a Start TLS one, never a clear text one.
I assumed 389 is clear text and 636 is the encrypted (SSL/TLS) one. Can you please make sure of this?
Yes, I'm sure :)
Thank you all for your help.
Regards,
Jean-Yves
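
An added example, not part of the original message or of OpenLDAP: a small Python check that reads the global `security` line of a slapd.conf, such as the `security ssf=56 update_ssf=56` setting mentioned in the message, and lists which operation classes the server would still accept below that strength. The factor names are those documented in slapd.conf(5); the function names, the sample files and the choice to count `tls` toward the floor are assumptions of this sketch.

```python
# Factor names accepted by the 'security' directive per slapd.conf(5).
FACTORS = {"ssf", "transport", "tls", "sasl", "simple_bind",
           "update_ssf", "update_transport", "update_tls", "update_sasl"}


def global_security(conf_text):
    """Return {factor: required SSF} from 'security' lines before the first database."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:      # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    found = {}
    for line in logical:
        words = line.split()
        if words[0].lower() == "database":    # per-database sections start here
            break
        if words[0].lower() != "security":
            continue
        for word in words[1:]:
            name, _, value = word.partition("=")
            if name not in FACTORS or not value.isdigit():
                raise ValueError("bad security factor: " + word)
            found[name] = int(value)
    return found


def audit(conf_text, floor=56):
    """List operation classes the global section still accepts below `floor`."""
    f = global_security(conf_text)
    base = max(f.get("ssf", 0), f.get("tls", 0))
    checks = {
        "simple bind": max(base, f.get("simple_bind", 0)),
        "update": max(base, f.get("update_ssf", 0), f.get("update_tls", 0)),
        "read": base,
    }
    return [op for op, required in checks.items() if required < floor]


# Constructed sample files, not taken from the post.
OPEN_CONF = "# no security line\nTLSCertificateFile /path/to/cert.pem\ndatabase bdb\n"
POSTED_CONF = "security ssf=56\n  update_ssf=56\ndatabase bdb\n"
BIND_ONLY_CONF = "security simple_bind=128\n"

if __name__ == "__main__":
    for name in ("OPEN_CONF", "POSTED_CONF", "BIND_ONLY_CONF"):
        print(name, audit(globals()[name]) or "no cleartext class accepted")
```

The check only reports what the server will accept; a client that sends a simple bind before StartTLS has already put the password on the wire even when the server rejects the operation.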