[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: Re: [Fedora-directory-users] mandated TLS connections
From: Richard Megginson <rmeggins () redhat ! com>
Date: 2007-10-22 21:21:58
Message-ID: 471D1476.5050302 () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
John gray wrote:
>
>
> ---------- Forwarded message ----------
> From: *John gray* <gnulinux9@googlemail.com
> <mailto:gnulinux9@googlemail.com>>
> Date: Oct 22, 2007 5:16 PM
> Subject: mandated TLS connections
> To: fedora-directory-users@redhat.com
> <mailto:fedora-directory-users@redhat.com>
>
> Hi all,
>
>
>
> I migrated from openldap to redhat directory server.
>
>
>
> In openldap I mandated TLS connections
>
>
>
> ie:
>
> [root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 <http://10.1.1.8> uid=bjoshi
>
> ldap_bind: Confidentiality required (13)
>
> additional info: TLS confidentiality required
>
>
>
> [root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 <http://10.1.1.8>
> uid=bjoshi mail
>
> version: 1
>
>
>
> dn: uid=bjoshi,ou=people,dc=example,dc=com
>
> mail: bjoshi@example.com <mailto:bjoshi@example.com>
>
>
>
> Below ioption in /etc/openldap/slapd.conf for enforcing.
>
> security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
>
>
>
> On the rhds machines tls works, but it also allows plain text searches.
>
>
>
> Can anyone suggest configuration in rhds to force tls search only
>
>
>
> Also note, follow the below documentation
>
> http://directory.fedoraproject
> <http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients>.org/wiki/Howto:SSL#Configure_LDAP_clients \
> <http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients>
>
> and enabling
>
> nsServerSecurity: on
>
> does not solve the problem.
>
>
> Only SSL is not option
>
There is currently no way to do this in Fedora DS.
>
>
> Regards,
>
> Bhargav
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
["smime.p7s" (application/x-pkcs7-signature)]
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic