directory-users mailing list archives

From Linus van Geuns <>
Subject Re: [ApacheDS] Certificate for StartTLS
Date Wed, 06 Jan 2010 14:48:00 GMT

On Wed, Jan 6, 2010 at 3:26 PM, Beat Burgener | NetSuccess GmbH
<> wrote:
> BTW3: Is there a way to force StartTLS an LDAP connection using port 389 via
> the ApacheDS configuration?
> That's why I use LDAPS, which does not support plain text connections AFAIK.
> For LDAP, I don't feel in the position to control that,
> as the client uses StartTLS or not ...

AFAIK it is valid LDAP protocol behavior for a client to just connect
to the server using plain text simple bind and thereby sending
passwords in clear text to your server.
The server could reject that request, but the client is not forced to
look up server policies before its first request.

Therefore you need to ensure that your clients are configured to use StartTLS.

Regards, Linus
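The server-side half of what Linus describes, as an added example that is not from this thread or from ApacheDS: a minimal BER decoder for an LDAP BindRequest and a policy check that answers a password-bearing simple bind with confidentialityRequired (resultCode 13, RFC 4511) when the connection is not yet protected by TLS, while still allowing an anonymous simple bind. The tag values come from RFC 4511 and X.690; the `tls_active` flag and the sample messages are constructed for the example.

```python
# Added example: BER decoding of an LDAP BindRequest plus a server-side policy check.
# Tags per RFC 4511 / X.690; tls_active and the sample messages are constructed here.

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60                   # BindRequest is [APPLICATION 0], constructed
AUTH_SIMPLE, AUTH_SASL = 0x80, 0xA3   # AuthenticationChoice: simple [0] / sasl [3]
SUCCESS = 0
CONFIDENTIALITY_REQUIRED = 13         # LDAP resultCode confidentialityRequired


def read_tlv(data, pos):
    """Read one BER tag/length/value at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                 # long-form length: next n bytes hold the length
        n, length = length & 0x7F, 0
        for b in data[pos:pos + n]:
            length = (length << 8) | b
        pos += n
    return tag, data[pos:pos + length], pos + length


def encode_tlv(tag, value):
    """Short-form BER encoder (value shorter than 128 bytes), enough for the samples."""
    assert len(value) < 128, "short-form length only in this sample encoder"
    return bytes([tag, len(value)]) + value


def encode_simple_bind(msg_id, dn, password):
    """Constructed LDAPMessage carrying a simple BindRequest, as a client would send it."""
    bind = (encode_tlv(INTEGER, b"\x03") + encode_tlv(OCTET_STRING, dn.encode())
            + encode_tlv(AUTH_SIMPLE, password.encode()))
    return encode_tlv(SEQUENCE, encode_tlv(INTEGER, bytes([msg_id]))
                      + encode_tlv(BIND_REQUEST, bind))


def parse_bind(msg):
    """Return (message_id, dn, auth_kind, password_or_None), or None if not a BindRequest."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        return None
    _, mid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != BIND_REQUEST:
        return None
    _, _, pos = read_tlv(op, 0)       # version
    _, dn, pos = read_tlv(op, pos)    # name (LDAPDN)
    auth_tag, cred, _ = read_tlv(op, pos)
    kind = "simple" if auth_tag == AUTH_SIMPLE else "sasl"
    return int.from_bytes(mid, "big"), dn.decode(), kind, (cred if kind == "simple" else None)


def bind_policy(msg, tls_active):
    """Server-side check: refuse a simple bind that carries a password unless TLS is up."""
    parsed = parse_bind(msg)
    if parsed is None:
        return SUCCESS                # not a BindRequest; nothing to enforce here
    _, _, kind, password = parsed
    if kind == "simple" and password and not tls_active:
        return CONFIDENTIALITY_REQUIRED
    return SUCCESS                    # anonymous bind, SASL, or already on TLS
```

Note that this only limits what the server accepts; as the reply says, a client that binds in plain text has already put the password on the wire before the server answers, so client configuration still matters.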
