Re: [Freeipa-users] Restricting access to unencrypted LDAP connections
Exactly what I was looking for! Thank you!!

On 18 November 2015 at 13:26, Ludwig Krispenz wrote:

> You could set minssf:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections
>
> On 11/18/2015 07:24 AM, Prashant Bapat wrote:
>
> Hi,
>
> We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients
> configured to talk to them thru pam-nss-ldapd (no sssd). I want to ensure
> that these clients only talk to freeipa's LDAP server either via ldaps or
> ldap+starttls. Plain ldap should not be allowed.
>
> I can always switch to ldaps only and close the tcp/389 port on the
> firewall. But is there a way to achieve this using tcp/389 port?
>
> Any suggestions appreciated.
>
> Thanks.
> --Prashant

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Restricting access to unencrypted LDAP connections
You could set minssf:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections

On 11/18/2015 07:24 AM, Prashant Bapat wrote:

> Hi,
>
> We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients
> configured to talk to them thru pam-nss-ldapd (no sssd). I want to ensure
> that these clients only talk to freeipa's LDAP server either via ldaps or
> ldap+starttls. Plain ldap should not be allowed.
>
> I can always switch to ldaps only and close the tcp/389 port on the
> firewall. But is there a way to achieve this using tcp/389 port?
>
> Any suggestions appreciated.
>
> Thanks.
> --Prashant
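Before raising minssf it helps to know which clients still send simple binds without TLS; the following added example (not part of the original thread) scans access-log text for them. The log lines are constructed in the 389 Directory Server access-log layout, and the function name, the sample addresses and DNs, and the 128-bit default threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the 389 Directory Server access-log layout (not from the thread).
SAMPLE_LOG = """\
[18/Nov/2015:07:24:01 +0000] conn=11 fd=64 slot=64 connection from 10.0.0.21 to 10.0.0.5
[18/Nov/2015:07:24:01 +0000] conn=11 op=0 BIND dn="uid=nslcd,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[18/Nov/2015:07:24:02 +0000] conn=12 fd=65 slot=65 connection from 10.0.0.22 to 10.0.0.5
[18/Nov/2015:07:24:02 +0000] conn=12 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Nov/2015:07:24:02 +0000] conn=12 TLS1.2 128-bit AES
[18/Nov/2015:07:24:02 +0000] conn=12 op=1 BIND dn="uid=nslcd,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[18/Nov/2015:07:24:03 +0000] conn=13 fd=66 slot=66 SSL connection from 10.0.0.23 to 10.0.0.5
[18/Nov/2015:07:24:03 +0000] conn=13 TLS1.2 256-bit AES-GCM
[18/Nov/2015:07:24:03 +0000] conn=13 op=0 BIND dn="uid=nslcd,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[18/Nov/2015:07:24:04 +0000] conn=14 fd=67 slot=67 connection from 10.0.0.21 to 10.0.0.5
[18/Nov/2015:07:24:04 +0000] conn=14 op=0 BIND dn="" method=128 version=3
"""

# New connection, negotiated cipher, and simple bind (method=128) records.
CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
CIPHER_RE = re.compile(r"conn=(\d+) (?:SSL|TLS[\d.]*) (\d+)-bit ")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=128 ')


def cleartext_simple_binds(log_text, min_ssf=128):
    """Return {client_ip: sorted bind DNs} for simple binds sent below min_ssf."""
    # Assumption: the logged cipher key size stands in for the connection's SSF.
    client = {}              # conn id -> client address
    ssf = defaultdict(int)   # conn id -> key bits negotiated so far (0 = no TLS)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            client[m.group(1)] = m.group(2)
            ssf[m.group(1)] = 0  # a new connection starts with no TLS layer
        elif m := CIPHER_RE.search(line):
            ssf[m.group(1)] = int(m.group(2))
        elif m := BIND_RE.search(line):
            conn, dn = m.groups()
            if ssf[conn] < min_ssf:
                hits[client.get(conn, "unknown")].add(dn or "<anonymous>")
    return {ip: sorted(dns) for ip, dns in hits.items()}


if __name__ == "__main__":
    for ip, dns in cleartext_simple_binds(SAMPLE_LOG).items():
        print(ip, dns)
```

Clients reported here need ldaps or StartTLS configured before the minimum SSF is raised, otherwise their binds will start failing.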
[Freeipa-users] Restricting access to unencrypted LDAP connections
Hi,

We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients configured to talk to them thru pam-nss-ldapd (no sssd). I want to ensure that these clients only talk to freeipa's LDAP server either via ldaps or ldap+starttls. Plain ldap should not be allowed.

I can always switch to ldaps only and close the tcp/389 port on the firewall. But is there a way to achieve this using tcp/389 port?

Any suggestions appreciated.

Thanks.
--Prashant