---------- Forwarded message ----------
From: John gray <gnulinux9@googlemail.com>
Date: Oct 22, 2007 5:16 PM
Subject: mandated TLS connections
To: fedora-directory-users@redhat.com

Hi all,

I migrated from OpenLDAP to Red Hat Directory Server.

In OpenLDAP I mandated TLS connections, i.e.:

[root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required

[root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
version: 1

dn: uid=bjoshi,ou=people,dc=example,dc=com
mail: bjoshi@example.com

Below is the option in /etc/openldap/slapd.conf for enforcing this:

security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128

On the RHDS machines TLS works, but it also allows plain text searches.

Can anyone suggest a configuration in RHDS to force TLS-only searches?

Also note that following the documentation below

http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients

and enabling

nsServerSecurity: on

does not solve the problem.

Only SSL is not an option.


Regards,

Bhargav
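
Added example, not part of the original message and not project code: a small Python check that parses the slapd.conf "security" directive quoted above and lists which of its factors fall below 128. The function names and the WEAK sample are constructed for illustration; counting an unset factor as 0 and keeping the lowest value when a factor repeats are assumptions of this example.

```python
# Added example: audit the slapd.conf "security" directive quoted above.
# Factor names are those documented in slapd.conf(5).
FACTORS = {"ssf", "transport", "tls", "sasl", "update_ssf",
           "update_transport", "update_tls", "update_sasl", "simple_bind"}

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]

def parse_security(text):
    """Return {factor: strength}; keep the lowest value if a factor repeats
    (a conservative choice made by this example, not slapd's own rule)."""
    found = {}
    for line in logical_lines(text):
        words = line.split()
        if words[0].lower() != "security":
            continue
        for token in words[1:]:
            name, _, value = token.partition("=")
            if name in FACTORS and value.isdigit():
                found[name] = min(int(value), found.get(name, int(value)))
    return found

def audit(text, minimum=128,
          required=("ssf", "update_ssf", "simple_bind", "update_tls", "tls")):
    """List required factors below `minimum`; an unset factor counts as 0."""
    have = parse_security(text)
    return [f for f in required if have.get(f, 0) < minimum]

# The line from the message above.
STRICT = "security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128\n"
# Constructed sample: continuation line, weak simple_bind, tls commented out.
WEAK = "security ssf=128\n  simple_bind=56\n#security tls=128\n"

if __name__ == "__main__":
    for label, conf in (("strict", STRICT), ("weak", WEAK)):
        print(label, audit(conf) or "all required factors >= 128")
```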