Hello IPA, Hopefully a quick question.
RHEL 7.3, IPA 4.4.

I have been digging around the RHEL docs (https://access.redhat.com/solutions/357673) for firewall ports, and it says 389 is required for replication of IPA servers and for clients to IPA servers. The FreeIPA docs say this:

> SSL/startTLS: When possible, configure your LDAP client to communicate over SSL/TLS. You can either use port 389 and enable startTLS in the client, or configure it to use the ldaps port, 636. The IPA CA certificate can be found in /etc/ipa/ca.crt on all enrolled hosts.

The question is this: can IPA be configured without port 389 at all for clients to communicate with IPA servers? I realize that startTLS on 389 encrypts the comms, but for our VLAN firewall rules 389 is not something we really want to open. It is easier to open IPA server IP to IPA server IP on port 389 bi-directionally if needed for replication, but for clients it would be the whole subnet to the IPA server on 389.

I also noticed somewhere that direct 636 instead of 389 with startTLS for clients is deprecated, but I think that was in the Directory Server docs.

Sean Hogan
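To make the 389-with-startTLS versus 636-ldaps distinction concrete, here is a small added audit helper (not from this post, and not FreeIPA or SSSD code): given the LDAP URIs a client is configured with and whether the client enables startTLS, it lists the host/port pairs a firewall rule must allow and flags any URI that would end up in cleartext. Hostnames are constructed placeholders; the helper only models TLS and does not model a SASL security layer.

```python
from urllib.parse import urlsplit

# Default ports for the two URI schemes (RFC 4516 for ldap, conventional 636 for ldaps).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample client configuration (not real hosts).
SAMPLE_URIS = [
    "ldaps://ipa1.example.test",        # TLS from the first byte, port 636
    "ldap://ipa2.example.test",         # port 389, encrypted only if startTLS is on
    "ldap://ipa3.example.test:3389",    # explicit non-default port
]


def classify_ldap_uri(uri, start_tls=False):
    """Return (host, port, transport) for one LDAP URI.

    transport is 'ldaps' (TLS on connect), 'starttls' (plain 389 upgraded
    by the client) or 'cleartext' (plain ldap:// with no startTLS).
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {uri!r}")
    if not parts.hostname:
        raise ValueError(f"missing host in {uri!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    if scheme == "ldaps":
        transport = "ldaps"
    elif start_tls:
        transport = "starttls"
    else:
        transport = "cleartext"
    return parts.hostname, port, transport


def firewall_plan(uris, start_tls=False):
    """Return (sorted list of (host, port) to allow, list of cleartext URIs)."""
    needed, cleartext = set(), []
    for uri in uris:
        host, port, transport = classify_ldap_uri(uri, start_tls)
        needed.add((host, port))
        if transport == "cleartext":
            cleartext.append(uri)
    return sorted(needed), cleartext


if __name__ == "__main__":
    allow, plain = firewall_plan(SAMPLE_URIS, start_tls=False)
    for host, port in allow:
        print(f"allow client subnet -> {host}:{port}")
    for uri in plain:
        print(f"WARNING: {uri} would be unencrypted without startTLS")
```

Running it with `start_tls=False` shows that every plain `ldap://` entry still needs 389 (or its explicit port) open and is unencrypted, while switching the URIs to `ldaps://` moves the requirement to 636 only.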
_______________________________________________
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org