Re: [suse-sles-e] OpenLDAP listens only on ldaps

From: Shashi Kanth Boddula (shashi-kanth.boddula_at_hp.com)
Date: Tue Nov 06 2007 - 16:20:54 CET


Message-ID: <47308656.3080908@hp.com>
Date: Tue, 06 Nov 2007 20:50:54 +0530
From: Shashi Kanth Boddula <shashi-kanth.boddula@hp.com>
Subject: Re: [suse-sles-e] OpenLDAP listens only on ldaps

Thanks for the clarification, Ralf. I think it would be good if there
were an option in /etc/sysconfig/openldap to achieve my requirement.

One more thing: SLES10 doesn't have LDAP client software; I can find GQ in
SLES9.

-- Shashi

Ralf Haferkamp wrote:
> On Monday, 5 November 2007, Shashi Kanth Boddula wrote:
>
>> With SLES10, what is the right process to instruct the OpenLDAP to
>> listen only on ldaps (636), not on ldap (389) ?
>>
> Currently our init-script and sysconfig files don't really allow that.
> But if your goal is to allow only encrypted LDAP traffic you can just set
> "security ssf=128" or "security tls=128" in your slapd.conf. Please have a
> look at the slapd.conf man pages or the OpenLDAP Admin Guide for details on
> those settings.
>
> In addition to ldaps:// connections, clients will then also be able to connect
> on port 389 when they use the StartTLS Extended Operation.
>
> Alternatively you can restrict slapd to just listen on the localhost interface
> on port 389 and on all interfaces on the ldaps port by setting this
> in /etc/sysconfig/openldap:
>
> OPENLDAP_LDAP_INTERFACES=127.0.0.1
> OPENLDAP_LDAPS_INTERFACES=""
> OPENLDAP_START_LDAPS=yes
>
> To completely disable port 389 some modifications to the init script are
> needed.
>
>
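The following is an added example, not part of this thread or of SUSE's openldap packaging. It checks the outcome Ralf describes from the outside: after applying the sysconfig settings and the `security ssf=128` directive, plain ldap:// (port 389) should be bound only to loopback while ldaps:// (port 636) is bound on all interfaces, and slapd.conf should carry a minimum security strength factor. The listener parser reads the "Local Address:Port" column of `ss -ltn` or `netstat -ltn` output; the sample lines and the slapd.conf excerpt embedded below are constructed, and the helper names (`parse_listeners`, `check_listeners`, `min_ssf_from_slapd_conf`) are this example's own.

```python
"""Verify the slapd exposure policy from the thread:
   - port 389 (plain ldap) reachable on loopback only,
   - port 636 (ldaps) listening somewhere,
   - slapd.conf requires a minimum SSF via "security ssf=N" / "security tls=N".
All sample data below is constructed for the example; feed real output from
`ss -ltn` / `netstat -ltn` and the real slapd.conf in production."""
import re

# Constructed `ss -ltn`-style lines (header already removed). The 4th column is
# the local socket; netstat -ltn happens to use the same column position.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:389 0.0.0.0:*
LISTEN 0 128 0.0.0.0:636 0.0.0.0:*
LISTEN 0 128 [::]:636 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

# Constructed slapd.conf excerpt containing the directive Ralf recommends.
SAMPLE_SLAPD_CONF = """\
# security ssf=0        <- commented out, must be ignored
security ssf=128
"""

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(listing):
    """Return [(address, port), ...] from ss/netstat listener lines.
    Lines whose 4th column is not host:port (headers, banners) are skipped."""
    listeners = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((addr.strip("[]"), int(port)))  # "[::]" -> "::"
    return listeners


def check_listeners(listeners, ldap_port=389, ldaps_port=636):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    ldaps_seen = False
    for addr, port in listeners:
        # Any plain-ldap socket on a non-loopback address exposes cleartext binds.
        if port == ldap_port and addr not in LOOPBACK:
            problems.append(f"plain ldap on non-loopback address {addr}:{port}")
        if port == ldaps_port:
            ldaps_seen = True
    if not ldaps_seen:
        problems.append(f"no ldaps listener on port {ldaps_port}")
    return problems


SECURITY_RE = re.compile(r"^\s*security\s+(.*)$", re.IGNORECASE)


def min_ssf_from_slapd_conf(conf_text):
    """Return the largest ssf=/tls= value found in 'security' directives, or 0.
    Comment lines start with '#' and therefore never match the regex."""
    best = 0
    for line in conf_text.splitlines():
        match = SECURITY_RE.match(line)
        if not match:
            continue
        for token in match.group(1).split():
            key, _, value = token.partition("=")
            if key.lower() in ("ssf", "tls") and value.isdigit():
                best = max(best, int(value))
    return best


def audit(listing, conf_text, required_ssf=128):
    """Combine both checks and return the full list of findings."""
    findings = check_listeners(parse_listeners(listing))
    ssf = min_ssf_from_slapd_conf(conf_text)
    if ssf < required_ssf:
        findings.append(f"slapd.conf minimum ssf is {ssf}, need >= {required_ssf}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT, SAMPLE_SLAPD_CONF) or ["policy satisfied"]:
        print(finding)
```

The listener check deliberately treats "::" and "0.0.0.0" as non-loopback, so an IPv6 wildcard bind on 389 is reported even when the IPv4 side is restricted to 127.0.0.1. The config check reports only the strongest `security` value, which is what slapd enforces when several directives are present.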

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
For additional commands, e-mail: suse-sles-e-help@suse.com



This archive was generated by hypermail 2.1.7 : Tue Nov 06 2007 - 11:04:53 CET