Re: [Freeipa-users] Restricting access to unencrypted LDAP connections

2015-11-18 Thread Prashant Bapat
Exactly what I was looking for! Thank you!!

On 18 November 2015 at 13:26, Ludwig Krispenz wrote:

> you could set minssf:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections
>
>
> On 11/18/2015 07:24 AM, Prashant Bapat wrote:
>
> Hi,
>
> We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients
> configured to talk to them thru pam-nss-ldapd (no sssd). I want to ensure
> that these clients only talk to freeipa's LDAP server either via ldaps or
> ldap+starttls. Plain ldap should not be allowed.
>
> I can always switch to ldaps only and close the tcp/389 port on the
> firewall. But is there a way to achieve this using tcp/389 port?
>
> Any suggestions appreciated.
>
> Thanks.
> --Prashant
>
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

Re: [Freeipa-users] Restricting access to unencrypted LDAP connections

2015-11-17 Thread Ludwig Krispenz

you could set minssf:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections

On 11/18/2015 07:24 AM, Prashant Bapat wrote:

Hi,

We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients 
configured to talk to them thru pam-nss-ldapd (no sssd). I want to 
ensure that these clients only talk to freeipa's LDAP server either 
via ldaps or ldap+starttls. Plain ldap should not be allowed.


I can always switch to ldaps only and close the tcp/389 port on the 
firewall. But is there a way to achieve this using tcp/389 port?


Any suggestions appreciated.

Thanks.
--Prashant




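One way to apply and check the minssf setting suggested above, as an added example that is not part of the original thread. The host name, bind DN and the value 128 are assumed placeholders, and the script relies on the OpenLDAP client tools (ldapmodify, ldapsearch).

```shell
#!/bin/sh
# Added example (not from the thread): require encryption on tcp/389 via nsslapd-minssf.
# Assumed placeholders: LDAP_HOST, BIND_DN and the SSF value 128.
LDAP_HOST="${LDAP_HOST:-ipa1.example.test}"
BIND_DN="${BIND_DN:-cn=Directory Manager}"
MIN_SSF="${MIN_SSF:-128}"

# Print the LDIF that sets the minimum security strength factor on cn=config.
minssf_ldif() {
    case "$1" in
        ''|*[!0-9]*) echo "minssf must be a non-negative integer" >&2; return 1 ;;
    esac
    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: nsslapd-minssf\nnsslapd-minssf: %s\n' "$1"
}

# Apply the change over StartTLS (-ZZ) so the admin bind itself is encrypted.
# -ZZ needs the server CA to be trusted by the client (ldap.conf TLS_CACERT).
apply_minssf() {
    ldif="$(minssf_ldif "$MIN_SSF")" || return 1
    printf '%s\n' "$ldif" | ldapmodify -H "ldap://$LDAP_HOST" -ZZ -x -D "$BIND_DN" -W
}

# Anonymous root DSE read on tcp/389; $1 is "" (cleartext) or "-ZZ" (StartTLS).
# Assumes nsslapd-minssf-exclude-rootdse is left at its default (off).
probe() {
    ldapsearch -H "ldap://$LDAP_HOST" $1 -x -s base -b "" vendorVersion >/dev/null 2>&1
}

# After the change: cleartext must be refused and StartTLS must still work.
# Checking both sides keeps an unreachable server from looking like a pass.
verify_minssf() {
    if probe ""; then
        echo "FAIL: cleartext LDAP on tcp/389 is still accepted"; return 1
    fi
    if ! probe "-ZZ"; then
        echo "FAIL: StartTLS on tcp/389 does not work"; return 1
    fi
    echo "OK: tcp/389 accepts StartTLS only"
}

# Run as "script apply" or "script verify"; with no argument nothing is executed.
case "${1:-}" in
    apply)  apply_minssf ;;
    verify) verify_minssf ;;
esac
```

Clients have to be using ldaps or StartTLS before the server-side change goes in (for nslcd, `ssl start_tls` in nslcd.conf), otherwise their lookups start failing as soon as minssf is enforced.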

[Freeipa-users] Restricting access to unencrypted LDAP connections

2015-11-17 Thread Prashant Bapat
Hi,

We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients
configured to talk to them thru pam-nss-ldapd (no sssd). I want to ensure
that these clients only talk to freeipa's LDAP server either via ldaps or
ldap+starttls. Plain ldap should not be allowed.

I can always switch to ldaps only and close the tcp/389 port on the
firewall. But is there a way to achieve this using tcp/389 port?

Any suggestions appreciated.

Thanks.
--Prashant