--On Wednesday, September 19, 2012 8:58 PM -0400 Yan Gong yan@fabric.com wrote:
Sir/Madam:
I successfully set up TLS on both openldap server and client through port 389 on ubuntu.
I didn't use SSL through port 636.
However, I found non encrypted/clear text connections can be made through port 389
to the openldap server as well.
How can I enforce TLS connection only and reject any non encrypted connections?
Should I use olcAccess or olcSecurity? or both? I couldn't find any detailed steps/documentation
olcSecurity would enforce encryption for any and all connections. Note that you have to restart slapd for it to take effect.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration