How do I force SSL encryption to the DSA from LDAP\DAP clients?

Article ID: 64855

Updated On:

Products

CA Directory

Issue/Introduction

CA Directory uses a single port to provide both LDAP and LDAPS communication. At times one needs to disable non-LDAPS connections to the directory.

Environment

Release: 14.1
Component: CA Directory

Resolution

If you want to force SSL-only connections from an LDAP client, you need to add the following to the settings config:

force-encrypt-anon = true;

Forces SSL encryption on anonymous binds.

OR

force-encrypt-auth = true;

Forces SSL encryption on authenticated binds.

This is documented at the following link:

Encrypt LDAP Bindings

Note that there are other requirements that must be met for TLS/SSL communication to work in the first place. Please refer to the product documentation for those prerequisites.
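Because each setting covers only one bind type, a settings file that carries just one of them still accepts the other bind type unencrypted. The following check is an added example, not code from the article or from CA Directory. It reads a settings file and lists the bind types for which encryption is not forced. Assumptions: a line may carry an optional `set` prefix, `#` starts a comment, a later line overrides an earlier one, and an absent setting means encryption is not forced.

```python
import re

# The two settings named in the article and the bind type each one covers.
SETTINGS = {
    "force-encrypt-anon": "anonymous binds",
    "force-encrypt-auth": "authenticated binds",
}

# Assumed line syntax: optional "set", name, "=", true/false, ";".
LINE_RE = re.compile(
    r"^\s*(?:set\s+)?(force-encrypt-(?:anon|auth))\s*=\s*(true|false)\s*;",
    re.IGNORECASE,
)


def audit_settings(text):
    """Return {setting: bool}; an absent setting counts as False (assumption)."""
    state = {name: False for name in SETTINGS}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments (assumed "#" syntax)
        match = LINE_RE.match(line)
        if match:
            # A later line overrides an earlier one (assumed last-wins).
            state[match.group(1).lower()] = match.group(2).lower() == "true"
    return state


def cleartext_allowed(text):
    """List the bind types for which the file does not force encryption."""
    state = audit_settings(text)
    return [SETTINGS[name] for name in SETTINGS if not state[name]]


# Constructed sample settings file (not taken from a real DSA).
SAMPLE = """\
# constructed example
force-encrypt-anon = true;
# force-encrypt-auth = true;
"""

if __name__ == "__main__":
    for bind_type in cleartext_allowed(SAMPLE):
        print("encryption not forced for", bind_type)
```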