Hi Isabella,

To complete Simon's answer:
An alternative to disabling non-anonymous binds on insecure connections is
to fully disable port 389, as explained in
https://directory.fedoraproject.org/docs/389ds/howto/howto-listensslonly.html

So you can both use that trick and configure replication over ldaps.
But check that none of the client applications requires anonymous access
over ldap (to get the schema or some attributes of the root entry).

Regards
     Pierre


On Fri, Apr 1, 2022 at 10:19 PM Simon Pichugin <spich...@redhat.com> wrote:

> Hi Isabella,
> I'm not sure if I fully understood what you want to achieve.
>
> But you can configure your replication agreements with secure 636 port
> connections. You can check examples here:
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#setting_up_multi-supplier_replication_using_the_command_line
>
> Also, you can enable this setting to make sure that a user authenticates
> to the directory over a protected connection only:
>
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/configuration_command_and_file_reference/index#nsslapd_require-secure-binds
>
> I hope that helps!
> Sincerely,
> Simon
>
> On Fri, Apr 1, 2022 at 11:11 AM Ghiurea, Isabella <
> isabella.ghiu...@nrc-cnrc.gc.ca> wrote:
>
>> Hi
>>
>> Please, I need to know if we can block port 389, presently used
>> for multimaster replication, and replace it with port 636. Will
>> this work?
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> Do not reply to spam on the list, report it:
>> https://pagure.io/fedora-infrastructure
>>
>


-- 
--

389 Directory Server Development Team
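
As an added example (not part of the original thread or the project's own tooling), this script audits a `dse.ldif` export for the two settings discussed above and for replication agreements that do not use LDAPS. It assumes `nsslapd-port: 0` is how the plaintext listener is disabled; the sample entries, host name and agreement name are constructed.

```python
# Constructed sample dse.ldif fragment; host and agreement names are hypothetical.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389
nsslapd-secureport: 636
nsslapd-security: on
nsslapd-require-secure-binds: off

dn: cn=to-supplier2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsds5replicationagreement
nsDS5ReplicaHost: supplier2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        # Unfold continuation lines (a leading space continues the previous line).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """List settings that still allow binds or replication over plaintext LDAP."""
    findings = []
    for e in parse_ldif(text):
        dn = e.get("dn", [""])[0]
        first = lambda attr, default="": e.get(attr, [default])[0].lower()
        if dn.lower() == "cn=config":
            if first("nsslapd-security", "off") != "on":
                findings.append("cn=config: nsslapd-security is not on, no LDAPS listener")
            # Assumption: nsslapd-port 0 means the plaintext listener is disabled.
            if first("nsslapd-port", "389") != "0" and \
               first("nsslapd-require-secure-binds", "off") != "on":
                findings.append("cn=config: port 389 open and secure binds not required")
        if "nsds5replicationagreement" in [v.lower() for v in e.get("objectclass", [])]:
            # Defaults to LDAP when unset; SSL is the legacy name for LDAPS.
            if first("nsds5replicatransportinfo", "ldap") not in ("ldaps", "ssl"):
                findings.append(f"{dn}: agreement to {first('nsds5replicahost')} is not LDAPS")
    return findings
```

Running `audit()` on every supplier's configuration before closing port 389 shows which agreements still need to be switched to LDAPS first.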
