directory-dev mailing list archives

From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-639) allow to run ldaps only
Date Sat, 19 Jul 2008 15:51:31 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615010#action_12615010 ]

Allen Wittenauer commented on DIRSERVER-639:
--------------------------------------------

The problem with the "use a firewall" solution is that sometimes firewalls fail.  It is much
better if the app doesn't open the port at all.

Also, running ADS as non-root isn't the point; protecting the data going over the wire is
the concern.  Non-SSL LDAP traffic can be sniffed.

> allow to run ldaps only
> -----------------------
>
>                 Key: DIRSERVER-639
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-639
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>         Environment: all
>            Reporter: Ralf Hauser
>             Fix For: 1.5.5
>
>
> In our environment, we should not disclose anything without encrypting it in transmission.
> When trying to only start ldaps by simply not setting
>    cfg.setLdapPort(...);
> apparently the default 389 is taken that in turn cannot be used if apacheDs is not started as root...
> How can I avoid just
>   cfg.setLdapPort(2389);
> or at least shutting it down immediately afterwards.
> see also DIR-185

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

