[email protected] wrote:
I have the following question: we have about 100 LDAP applications running
to our Novell LDAP interface. Some work on port 636, some on 389. Now I
want to set the parameter "require TLS for simple bind with password". My
understanding was that TLS (or StartTLS) is an additional feature which can
be used (but must not be used) and that therefore the running applications
should not be affected. I had to learn that this is not true. Can you help
me to identify the requirements to understand which applications would be
affected by this change?

IIRC this vendor-specific configuration option in eDirectory lets all simple bind requests fail if not sent either over LDAPS or LDAP with StartTLS. This is simply considered your local policy. There are similar configuration options in other directory server products.

And some eDirectory-specific operations (e.g. Universal Password extraction with the GetNMASPassword extended request) cannot be done without an encrypted connection at all.

Ciao, Michael.
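
One way to find the applications such a policy would break is to replay the directory server's connection log and flag every password-bearing simple bind that arrives on a connection with no TLS at that moment. The sketch below is an added example, not part of the original message and not eDirectory code; the key=value log format and all sample lines are constructed, and treating anonymous and SASL binds as unaffected is an assumption read from the option's name.

```python
from collections import defaultdict

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

# Constructed sample in a hypothetical key=value format; this is NOT
# eDirectory's trace output. DNs contain no spaces in this format.
SAMPLE_LOG = """\
conn=1 client=10.0.0.11 port=636 op=BIND method=simple dn=cn=hr-app,o=corp pw=yes
conn=2 client=10.0.0.12 port=389 op=BIND method=simple dn=cn=wiki,o=corp pw=yes
conn=3 client=10.0.0.13 port=389 op=EXTENDED oid=1.3.6.1.4.1.1466.20037
conn=3 client=10.0.0.13 port=389 op=BIND method=simple dn=cn=mail,o=corp pw=yes
conn=4 client=10.0.0.14 port=389 op=BIND method=simple dn= pw=no
conn=5 client=10.0.0.15 port=389 op=BIND method=sasl dn=cn=batch,o=corp pw=no
conn=6 client=10.0.0.16 port=389 op=BIND method=simple dn=cn=crm,o=corp pw=yes
conn=6 client=10.0.0.16 port=389 op=EXTENDED oid=1.3.6.1.4.1.1466.20037
"""


def affected_binds(log_text, ldaps_ports=(636,)):
    """Return {bind DN: [client addresses]} for binds the policy would reject."""
    encrypted = set()         # connection ids protected by TLS so far
    hits = defaultdict(set)   # bind DN -> clients seen binding in cleartext
    for line in log_text.splitlines():
        rec = dict(field.split("=", 1) for field in line.split())
        if not rec:
            continue
        conn = rec["conn"]
        if int(rec["port"]) in ldaps_ports:
            encrypted.add(conn)          # LDAPS: TLS from the first byte
        if rec["op"] == "EXTENDED" and rec.get("oid") == STARTTLS_OID:
            encrypted.add(conn)          # StartTLS protects later operations only
        elif rec["op"] == "BIND":
            # Assumption: only simple binds that carry a password are in scope;
            # anonymous simple binds and SASL binds are left alone.
            if (rec["method"] == "simple" and rec["pw"] == "yes"
                    and conn not in encrypted):
                hits[rec["dn"]].add(rec["client"])
    return {dn: sorted(clients) for dn, clients in hits.items()}


if __name__ == "__main__":
    for dn, clients in affected_binds(SAMPLE_LOG).items():
        print(f"{dn}: cleartext simple bind from {', '.join(clients)}")
```

Connection 6 is reported even though it later issues StartTLS, because the bind was sent before the TLS upgrade.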
