Mark Reynolds via FreeIPA-users wrote:
>
> On 7/15/22 8:15 AM, Rob Crittenden via FreeIPA-users wrote:
>> Ronald Wimmer via FreeIPA-users wrote:
>>> The official RedHat documentation states
>>>
>>>> The TCP port 389 is not required to be open on IdM servers for trust,
>>>> but it is necessary for clients communicating with the IdM server.
>>> Is this still true? Or could LDAPS/Port 636 be used as well?
>> Used for what? Are you still talking about trust?
>>
>> Yes, port 636 can be used for LDAP traffic. It's been deprecated for
>> years in favor of startTLS
> Really? LDAPS deprecated? In our opinion startTLS should be deprecated in
> favor of LDAPS. Interesting... :-)

I always thought it was deprecated in the same way that CN=hostname was deprecated in certs: everyone kept using it anyway.

I tend to agree with you. The problem with startTLS is it only takes one badly configured client to send password requests in the clear.

rob

>> but it's one of those things that isn't
>> likely to go away for a while.
>>
>> rob
