I want to force clients to use TLS except on the IPv4 loopback interface. As suggested by Aaron, I have the following ACL as the very first one:

    # first, make sure TLS or localhost
    access to *
        by tls_ssf=1 none break
        by peername.ip="127.0.0.1" none break
        by * none

followed by my "real" ACLs.
Everything is working as expected but I've just noticed that I can bind to the server with my rootdn in cleartext. Is this expected? Is there a way to prevent this?
Regards, Thierry.
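One way to close that gap, as an added illustration that is not the poster's configuration: in OpenLDAP the rootdn is exempt from access control, so no ACL can stop its cleartext bind, whereas the global security directive is checked for every session, rootdn included. That directive has no per-address exception, so the fragment below assumes the loopback exception is moved to a ldapi:// listener (localSSF) and uses placeholder suffix and rootdn values.

```conf
# slapd.conf fragment (added illustration, not the poster's file)

# Assumes slapd is started with listeners such as:
#   slapd -h "ldaps:/// ldap:/// ldapi:///"
# Sessions on the ldapi:// socket are assigned SSF 128 without TLS, so
# they satisfy the 'security' checks below; IPv4 loopback gets no such
# exemption from 'security', only from the ACL further down.
localSSF 128

# Global strength requirements, evaluated for every session before any
# ACL and therefore also for the rootdn:
#   ssf=1          every operation needs some protection (TLS or ldapi)
#   simple_bind=1  a simple (password) bind needs it as well
# A cleartext simple bind as rootdn on ldap:// now fails with
# "confidentiality required" instead of succeeding.
security ssf=1 simple_bind=1

database mdb
suffix   "dc=example,dc=com"                 # placeholder
rootdn   "cn=Manager,dc=example,dc=com"      # placeholder
# rootpw  {SSHA}...                          # placeholder

# The poster's ACL, unchanged: it still gates every non-root identity.
# Note that peername.ip does not match ldapi:// sessions; the 'by ssf=1'
# clause is added here so ldapi sessions (SSF 128 via localSSF) also
# fall through to the "real" ACLs.
access to *
        by tls_ssf=1 none break
        by peername.ip="127.0.0.1" none break
        by ssf=1 none break
        by * none

# ... "real" ACLs follow here
```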