Look at the options for setting ssf (Security Strength Factors): http://www.openldap.org/doc/admin24/access-control.html#Granting%20and%20Denying%20access%20based%20on%20security%20strength%20factors%20(ssf)
I typically setup a global minssf of 256 to ensure maximum security, when possible via the 'security minssf=256'. re: man slapd.conf HTH, Joshua Miller ITSA Consulting, LLC http://itsecureadmin.com/ On Feb 26, 2012, at 2:49 AM, Daniel Pocock wrote: > > > > Is there some way to ensure that a client who connects on port 389 can > do nothing without StartTLS? > > Or is it necessary to just disable port 389 and only listen for ldaps:/// ? > >
