On Fri, 04 Sep 2015, Danilo Aghemo wrote:
how can I force ipa-client to prefer LDAPS and HTTPS over LDAP and HTTP?
I've google before, but with no results.
I know that the server discovery is based upon SRV records in the DNS and
these points to 389, not 636. I don't know nor how to change from 389 to
636, nor is this would automatically enable LDAPS on port 636. Then, I have
to get rid of HTTP and use HTTPS only.
LDAPS is deprecated in favor of StartTLS and not recommended. The client
actually uses STARTTLS on port 389, not a plain LDAP.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project