directory-dev mailing list archives

From "Allen Wittenauer (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-639) allow to run ldaps only
Date Sat, 19 Jul 2008 15:51:31 GMT


Allen Wittenauer commented on DIRSERVER-639:

The problem with the "use a firewall" solution is that sometimes firewalls fail.  It is much
better if the app doesn't open the port at all.

Also, running ADS as non-root isn't the point; protecting the data going over the wire is
the concern.  Non-SSL LDAP traffic can be sniffed.

> allow to run ldaps only
> -----------------------
>                 Key: DIRSERVER-639
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>         Environment: all
>            Reporter: Ralf Hauser
>             Fix For: 1.5.5
> In our environment, we should not disclose anything without encrypting it in transmission.
> When trying to only start ldaps by simply not setting
>    cfg.setLdapPort(...);
> apparently the default 389 is taken that in turn cannot be used if apacheDs is not started as root...
> How can I avoid just
>   cfg.setLdapPort(2389);
> or at least shutting it down immediately afterwards.
> see also DIR-185

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
