But is it possible to completely disable port 389 if we don't
want
any client to ever try non-SSL connections?
That will block communication between IPA servers, and from clients to servers.
--
Sam Morris <
https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9s?