---------- Forwarded message ----------
From: John gray gnulinux9@googlemail.com
Date: Oct 22, 2007 5:16 PM
Subject: mandated TLS connections
To: fedora-directory-users@redhat.com
Hi all,
I migrated from openldap to redhat directory server.
In openldap I mandated TLS connections
i.e.:
[root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
[root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
version: 1
dn: uid=bjoshi,ou=people,dc=example,dc=com
mail: bjoshi@example.com
Below is the option in /etc/openldap/slapd.conf for enforcing.
security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
On the rhds machines tls works, but it also allows plain text searches.
Can anyone suggest a configuration in rhds to force tls search only?
Also note, follow the below documentation
http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
and enabling
nsServerSecurity: on
does not solve the problem.
Only SSL is not an option.
Regards,
Bhargav
John gray wrote:
---------- Forwarded message ----------
From: John gray <gnulinux9@googlemail.com>
Date: Oct 22, 2007 5:16 PM
Subject: mandated TLS connections
To: fedora-directory-users@redhat.com
Hi all,
I migrated from openldap to redhat directory server.
In openldap I mandated TLS connections
i.e.:
[root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
[root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
version: 1
dn: uid=bjoshi,ou=people,dc=example,dc=com
mail: bjoshi@example.com
Below is the option in /etc/openldap/slapd.conf for enforcing.
security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
On the rhds machines tls works, but it also allows plain text searches.
Can anyone suggest a configuration in rhds to force tls search only?
Also note, follow the below documentation
http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
and enabling
nsServerSecurity: on
does not solve the problem.
Only SSL is not an option.
There is currently no way to do this in Fedora DS.
Regards,
Bhargav
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org
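A way to audit the behaviour discussed in this thread, as an added example that is not part of the original posts: it repeats the poster's two probes (without and with `-ZZ`) and turns the ldapsearch exit codes into a verdict. The function names `verdict` and `audit_host` are hypothetical, and the OpenLDAP client tool `ldapsearch` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original thread.
# ldapsearch exits with the LDAP result code of the failed operation;
# 13 is "Confidentiality required", the code shown in the first post.

# verdict CLEAR_RC TLS_RC -> one word describing what the server allows
# (hypothetical helper name)
verdict() {
    clear_rc=$1
    tls_rc=$2
    if [ "$tls_rc" -ne 0 ]; then
        # The -ZZ probe did not succeed, so a refusal of the cleartext
        # probe alone does not show a working TLS-only policy.
        echo "tls-probe-failed"
    elif [ "$clear_rc" -eq 13 ]; then
        # Cleartext refused, StartTLS accepted: the OpenLDAP behaviour
        # the poster had before migrating.
        echo "tls-mandated"
    elif [ "$clear_rc" -eq 0 ]; then
        # The same search was answered without TLS: the behaviour the
        # poster reports on the migrated server.
        echo "cleartext-accepted"
    else
        # e.g. 255 (server unreachable) or some other LDAP error
        echo "inconclusive"
    fi
}

# audit_host URI BASE -> runs both probes as anonymous simple binds
# (hypothetical helper name; "1.1" asks for no attributes)
audit_host() {
    uri=$1
    base=$2
    clear_rc=0
    tls_rc=0
    ldapsearch -x -LLL -H "$uri" -b "$base" -s base 1.1 \
        >/dev/null 2>&1 || clear_rc=$?
    ldapsearch -x -LLL -ZZ -H "$uri" -b "$base" -s base 1.1 \
        >/dev/null 2>&1 || tls_rc=$?
    verdict "$clear_rc" "$tls_rc"
}
```

With the host and suffix from the post, the call would be `audit_host ldap://10.1.1.8 dc=example,dc=com`; anything other than `tls-mandated` means cleartext clients are not being turned away.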