From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 6 Nov 2007 14:23:41 +0100
Message-Id: <200711061423.41437.rhafer@suse.de>
Subject: Re: [suse-sles-e] OpenLDAP listens only on ldaps
On Monday, 5 November 2007, Shashi Kanth Boddula wrote:
> With SLES10, what is the right process to instruct the OpenLDAP to
> listen only on ldaps (636), not on ldap (389) ?
Currently our init script and sysconfig files don't really allow that.
But if your goal is to allow only encrypted LDAP traffic, you can just set
"security ssf=128" or "security tls=128" in your slapd.conf. Please have a
look at the slapd.conf man page or the OpenLDAP Admin Guide for details on
those settings.
In addition to ldaps:// connections, clients will then also be able to connect
on port 389 when they use the StartTLS Extended Operation.
Alternatively you can restrict slapd to just listen on the localhost interface
on port 389 and on all interfaces on the ldaps port by setting this
in /etc/sysconfig/openldap:
OPENLDAP_LDAP_INTERFACES=127.0.0.1
OPENLDAP_LDAPS_INTERFACES=""
OPENLDAP_START_LDAPS=yes
To completely disable port 389 some modifications to the init script are
needed.
--
regards,
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0 F: +49-911-74053575 - Ralf.Haferkamp@suse.com
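To verify the "security ssf=128" / "security tls=128" advice on an existing server, here is a small audit script added by the editor (not Ralf's or the OpenLDAP project's code); it parses slapd.conf with its continuation-line rule, separates the global security floor from per-database ones, and runs against a constructed sample file.

```python
import shlex
# Constructed sample slapd.conf, not taken from any real system.
SLAPD_CONF = """\
# global section
include /etc/openldap/schema/core.schema
security ssf=128
         simple_bind=128
TLSCertificateFile /etc/openldap/ssl/server.crt
database bdb
suffix "dc=example,dc=com"
security ssf=0
"""

def slapd_directives(text):
    """Yield (directive, args) pairs. Blank and '#' lines are skipped; a line
    that starts with white space continues the previous directive."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        words = shlex.split(line)
        yield words[0].lower(), words[1:]

def security_factors(text):
    """Collect key=value pairs from 'security' directives: global ones (before
    the first 'database' line) and, separately, those inside each database
    section, which only cover that database and can weaken the global floor."""
    factors, per_db, db = {}, {}, None
    for directive, args in slapd_directives(text):
        if directive == "database":
            db = args[0] if args else "?"
            continue
        if directive == "security":
            target = factors if db is None else per_db.setdefault(db, {})
            for arg in args:
                key, _, value = arg.partition("=")
                target[key.lower()] = int(value)
    return factors, per_db

def encryption_required(text, minimum=128):
    """True if the global floor forces SSF>=minimum: 'ssf=' is met by TLS or a
    SASL confidentiality layer, 'tls=' needs TLS itself (ldaps:// or StartTLS)."""
    factors, _ = security_factors(text)
    return factors.get("ssf", 0) >= minimum or factors.get("tls", 0) >= minimum
```

Run it over the real file with `encryption_required(open("/etc/openldap/slapd.conf").read())` and inspect the per-database dictionary for any section that lowers the floor.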