supermihi Guru
Joined: 09 Feb 2005 Posts: 348
Posted: Thu Oct 19, 2006 2:55 pm Post subject: OpenLDAP: How to force TLS usage? |
I am trying to set up my LDAP server to only accept connections if they use TLS. Is there any option for that? I couldn't find anything. With "TLSVerifyClient demand" I can limit TLS access to clients that have valid certificates, which works well - but if the client initiates an unencrypted connection without TLS, the server doesn't complain! Is this a bug in slapd? What am I doing wrong?

_________________
"You may say I'm a dreamer, but I'm not the only one."
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
Posted: Fri Oct 20, 2006 7:55 am Post subject: |
man slapd.conf and see if the security variable is what you are looking for.

_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".
supermihi Guru
Joined: 09 Feb 2005 Posts: 348
Posted: Fri Oct 20, 2006 8:05 am Post subject: |
Thanks, but I don't really understand that "security strength factor" -- does that mean I have to set "security tls=1" in slapd.conf?
Janne Pikkarainen Veteran
Joined: 29 Jul 2003 Posts: 1143 Location: Helsinki, Finland
Posted: Fri Oct 20, 2006 9:10 am Post subject: |
I think you need to modify your slapd.conf access lines something like this:

Code:
```
access to *
    by tls_ssf=1 none break
... your other rules ...
```
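The settings discussed in this thread can be checked offline. The following Python sketch is an added example, not code from the posters or from the OpenLDAP project: it reads slapd.conf text and reports any `security tls=N` factor, any `by tls_ssf=N` ACL clause, and the `TLSVerifyClient` value. The sample configs and function names are constructed for illustration, and the parser is a simplification that ignores per-database scope.

```python
import re
# Constructed slapd.conf samples (not from the thread); indented lines
# continue the previous directive, as slapd.conf(5) describes.
WEAK_CONF = "TLSVerifyClient demand\n"  # client certs checked, no SSF floor
HARDENED_CONF = """\
TLSVerifyClient demand
security ssf=1
  tls=128
access to *
  by tls_ssf=1 none break
access to *
  by users read
"""

def logical_lines(text):
    """Join continuation lines; skip blank lines and column-0 '#' comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def tls_findings(text):
    """Collect the directives from the thread that tie access to a TLS SSF."""
    found = {"security_tls": 0, "acl_tls_ssf": 0, "verify_client": None}
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == "security":
            for name, value in re.findall(r"(\w+)=(\d+)", line):
                if name.lower() == "tls":  # update_tls etc. are not counted
                    found["security_tls"] = max(found["security_tls"], int(value))
        elif key == "access":
            for n in re.findall(r"\bby\s+tls_ssf=(\d+)", line, re.I):
                found["acl_tls_ssf"] = max(found["acl_tls_ssf"], int(n))
        elif key == "tlsverifyclient" and len(words) > 1:
            found["verify_client"] = words[1].lower()
    return found

def plaintext_rejected(found):
    """True when a 'security' directive sets tls=N with N >= 1."""
    return found["security_tls"] >= 1

if __name__ == "__main__":
    for conf in (WEAK_CONF, HARDENED_CONF):
        print(tls_findings(conf), plaintext_rejected(tls_findings(conf)))
```

An ACL-only gate is reported in `acl_tls_ssf` but not counted by `plaintext_rejected`, because whether it blocks plaintext depends on rule order and needs a manual read of the access list.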