---------- Forwarded message ----------
From: John gray <gnulinux9@googlemail.com>
Date: Oct 22, 2007 5:16 PM
Subject: mandated TLS connections
To: fedora-directory-users@redhat.com

Hi all,

I migrated from openldap to redhat directory server.

In openldap I mandated TLS connections, i.e.:

[root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required

[root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
version: 1

dn: uid=bjoshi,ou=people,dc=example,dc=com
mail: bjoshi@example.com

Below is the option in /etc/openldap/slapd.conf for enforcing this:

security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128

On the rhds machines TLS works, but it also allows plain text searches.

Can anyone suggest a configuration in rhds to force TLS-only searches?

Also note, following the documentation below

http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients

and enabling

nsServerSecurity: on

does not solve the problem.

Only SSL is not an option.

Regards,
Bhargav

Richard Megginson
2007-Oct-22 21:21 UTC
Re: [Fedora-directory-users] mandated TLS connections
John gray wrote:
> ---------- Forwarded message ----------
> From: John gray <gnulinux9@googlemail.com>
> Date: Oct 22, 2007 5:16 PM
> Subject: mandated TLS connections
> To: fedora-directory-users@redhat.com
>
> Hi all,
>
> I migrated from openldap to redhat directory server.
>
> In openldap I mandated TLS connections, i.e.:
>
> [root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
> ldap_bind: Confidentiality required (13)
>         additional info: TLS confidentiality required
>
> [root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
> version: 1
>
> dn: uid=bjoshi,ou=people,dc=example,dc=com
> mail: bjoshi@example.com
>
> Below is the option in /etc/openldap/slapd.conf for enforcing this:
>
> security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
>
> On the rhds machines TLS works, but it also allows plain text searches.
>
> Can anyone suggest a configuration in rhds to force TLS-only searches?
>
> Also note, following the documentation below
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
>
> and enabling
>
> nsServerSecurity: on
>
> does not solve the problem.
>
> Only SSL is not an option.

There is currently no way to do this in Fedora DS.

> Regards,
> Bhargav
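
An added example, not part of the thread and not code from OpenLDAP or Fedora DS: a small audit of the slapd.conf "security" directive quoted in the question, reporting any scope where the tls or simple_bind factor falls below a minimum. The function names, the sample config and the rule that a database starts from the global factors and overrides only the ones it names are assumptions of this example.

```python
# Added example: audit the slapd.conf(5) "security" directive quoted in the thread.
FACTORS = {"ssf", "transport", "tls", "sasl", "update_ssf",
           "update_transport", "update_tls", "update_sasl", "simple_bind"}

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop '#' comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.strip())
    return [l for l in lines if not l.startswith("#")]

def audit(text, minimum=128, required=("tls", "simple_bind")):
    """Map each scope to the required factors whose value is below `minimum`."""
    effective = {"global": {}}
    scope, count = "global", 0
    for line in logical_lines(text):
        words = line.split()
        keyword = words[0].lower()
        if keyword == "database":
            count += 1
            scope = f"database #{count} ({words[1] if len(words) > 1 else '?'})"
            # Assumption: a database starts from the global factors.
            effective[scope] = dict(effective["global"])
        elif keyword == "security":
            for word in words[1:]:
                name, _, value = word.partition("=")
                if name not in FACTORS or not value.isdigit():
                    raise ValueError(f"bad security factor {word!r} in {scope}")
                effective[scope][name] = int(value)
    return {s: [f for f in required if v.get(f, 0) < minimum]
            for s, v in effective.items()}

# Constructed sample, not a real deployment; the global directive is the one from the thread.
SAMPLE = """\
# global section
security ssf=128 update_ssf=128 simple_bind=128
  update_tls=128 tls=128

database bdb
suffix "dc=example,dc=com"

database bdb
suffix "dc=test,dc=example,dc=com"
security tls=0
"""

if __name__ == "__main__":
    for scope, weak in audit(SAMPLE).items():
        print(scope, "OK" if not weak else "below minimum: " + ", ".join(weak))
```

An empty list for a scope means every required factor there meets the minimum; a scope listing tls is one where clients would not be forced onto TLS, the behaviour the question reports as "allows plain text searches".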