https://bugzilla.redhat.com/show_bug.cgi?id=687939
Description of problem:
Currently in order to enable TLS on the unsecure port you need to define a second secure port, 0 is not allowed. It would be nice to be able to have just the single listener.

Version-Release number of selected component (if applicable):
389-ds-base-1.2.8-0.2.a2.fc14.x86_64
set default ticket origin to Community
Added initial screened field value.
Per triage, set to FUTURE...
Metadata Update from @nkinder: - Issue assigned to tbordaz - Issue set to the milestone: FUTURE
https://bugzilla.redhat.com/show_bug.cgi?id=687939#c6
Metadata Update from @vashirov: - Custom field reviewstatus adjusted to None - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
I want to bring up an important point, for historical discovery if required. It's pretty clear in 2019/2020 that plaintext followed by an upgrade to TLS, i.e. StartTLS, is risky and has many security issues. The only secure method of communication to LDAP is LDAPS. It is possible to configure your server to listen only on LDAPS by setting the plaintext port to 0.
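Added example (not part of the ticket and not 389-ds-base project code): a check of a `dse.ldif` for the LDAPS-only listener state described in the comment above. The sample LDIF is constructed, the function names are hypothetical, and the defaults applied to absent attributes (port 389, security off) are assumptions.

```python
# Audit the cn=config entry of a 389-ds dse.ldif for a plaintext listener.
# SAMPLE_DSE is a constructed sample, not taken from a real server.
SAMPLE_DSE = """\
# constructed sample
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-security: on
nsslapd-secureport: 636

dn: cn=encryption,cn=config
nsSSL3: off
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def config_entry(text):
    """Return the attributes of the cn=config entry, names lower-cased."""
    attrs, in_entry = {}, False
    for line in unfold(text):
        if not line.strip():
            in_entry = False          # a blank line ends the current entry
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            in_entry = value.lower().replace(" ", "") == "cn=config"
        elif in_entry:
            attrs[name] = value       # base64 ("::") values are not decoded
    return attrs

def audit(text):
    """Return findings; an empty list means only LDAPS is listening."""
    cfg = config_entry(text)
    findings = []
    port = cfg.get("nsslapd-port", "389")        # assumed default when absent
    if port != "0":
        findings.append(f"plaintext listener enabled on port {port}")
    if cfg.get("nsslapd-security", "off").lower() != "on":  # assumed default
        findings.append("nsslapd-security is not on: no LDAPS listener")
    return findings
```

Clients that still attempt StartTLS on the plaintext port will fail to connect once `nsslapd-port` is 0, so the same check is worth running before and after the change.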
389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in 389-ds-base's GitHub repository.
This issue has been cloned to GitHub and is available here: https://github.com/389ds/389-ds-base/issues/61
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.