Monday, September 21, 2020

[389-users] Re: LDAPS only plugin & how to disable LDAP protocol at all

You can set nsslapd-port to 0 and that will disable the port.

See also:

https://www.port389.org/docs/389ds/howto/howto-listensslonly.html

https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/configuring-special-binds#requiring-secure-binds

https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/configuring-special-binds#disabling-anonymous-binds

HTH,

Mark

On 9/21/20 11:03 AM, Jan Tomasek wrote:
Hello,    in past, I've created a simple plug-in for disabling authenticated binds  over non-encrypted lines. But still allowing anonymous binds over LDAP.    I did know about nsslapd-require-secure-binds but if recall correctly it  is including SASL authenticated binds which I believe protects only user  password and not transferred data.    I published plug-in here:  	https://github.com/CESNET/389ds-plugin-ldapsonly  but it is maybe obsoleted today.    Today I think is TLS a must. Is it possible to disable 389 port at all?  Or instruct 389 DS to bind port 389 on localhost?    

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  
--     389 Directory Server Development Team

No comments:

Post a Comment