
List:       fedora-directory-users
Subject:    Re: [Fedora-directory-users] mandated TLS connections
From:       Richard Megginson <rmeggins () redhat ! com>
Date:       2007-10-22 21:21:58
Message-ID: 471D1476.5050302 () redhat ! com

John gray wrote:
> ---------- Forwarded message ----------
> From: John gray <gnulinux9@googlemail.com>
> Date: Oct 22, 2007 5:16 PM
> Subject: mandated TLS connections
> To: fedora-directory-users@redhat.com
>
> Hi all,
>
> I migrated from openldap to redhat directory server.
>
> In openldap I mandated TLS connections
>
> ie:
>
> [root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
> ldap_bind: Confidentiality required (13)
> additional info: TLS confidentiality required
>
> [root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
> version: 1
>
> dn: uid=bjoshi,ou=people,dc=example,dc=com
> mail: bjoshi@example.com
>
> Below option in /etc/openldap/slapd.conf for enforcing.
>
> security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
>
> On the rhds machines tls works, but it also allows plain text searches.
>
> Can anyone suggest configuration in rhds to force tls search only
>
> Also note, following the below documentation
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
>
> and enabling
>
> nsServerSecurity: on
>
> does not solve the problem.
>
> Only SSL is not an option
>
There is currently no way to do this in Fedora DS.
>
> Regards,
> Bhargav
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

