You can force SSL encryption over LDAP links for both anonymous and authenticated bindings.
To force SSL encryption on anonymous bindings, include the following command in the settings configuration file of the DSA:
set force-encrypt-anon = true | false
When this setting is on, if a user tries to create an anonymous binding without SSL, the DSA disallows it and returns an "Inappropriate authentication" error.
To force SSL encryption on authenticated bindings, include the following command in the settings configuration file of the DSA:
set force-encrypt-auth = true | false
When this setting is on, if a user tries to create an authenticated binding without SSL, the DSA disallows it and returns an "Inappropriate authentication" error.
The force-encrypt-auth setting does not prevent the credentials from being sent unencrypted over the network, because the client transmits them in the bind request before the DSA can respond. However, the DSA refuses any unencrypted binding request.
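The following added example (not part of the CA documentation) builds the bytes of an unencrypted LDAPv3 simple bind request and of a refusal response, to show why the refusal does not protect the credentials. The DN, password, and all function names are constructed for illustration; the encoding follows RFC 4511, where "Inappropriate authentication" is result code 48.

```python
# Added illustration: bytes of an unencrypted LDAPv3 simple bind and of the
# DSA's refusal. The DN and password are constructed sample values.
INAPPROPRIATE_AUTHENTICATION = 48  # LDAP resultCode, RFC 4511

def tlv(tag: int, value: bytes) -> bytes:
    """BER-encode one element (short-form length, value under 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("example handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def read_tlvs(data: bytes) -> list:
    """Split a buffer into (tag, value) pairs (short-form lengths only)."""
    items, i = [], 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        if length >= 128:
            raise ValueError("example handles short-form lengths only")
        items.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return items

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage carrying BindRequest [APPLICATION 0], simple auth [0]."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def bind_response(msg_id: int, code: int) -> bytes:
    """LDAPMessage carrying BindResponse [APPLICATION 1] with empty strings."""
    op = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x61, op))

def exposed_credentials(packet: bytes) -> tuple:
    """Fields readable by anyone on the path of an unencrypted BindRequest."""
    [(_, message)] = read_tlvs(packet)
    (_, _), (op_tag, op) = read_tlvs(message)
    (_, _), (_, dn), (auth_tag, secret) = read_tlvs(op)
    if op_tag != 0x60 or auth_tag != 0x80:
        raise ValueError("not a simple BindRequest")
    return dn.decode(), secret.decode()

def result_code(packet: bytes) -> int:
    """resultCode from a BindResponse."""
    [(_, message)] = read_tlvs(packet)
    (_, _), (_, op) = read_tlvs(message)
    return read_tlvs(op)[0][1][0]

if __name__ == "__main__":
    request = simple_bind_request(1, "cn=app,o=example", "constructed-pw")
    print(exposed_credentials(request))          # sent before any refusal
    print(result_code(bind_response(1, INAPPROPRIATE_AUTHENTICATION)))
```

The password is recoverable from the request alone, so clients must be configured to establish SSL before binding; the DSA setting only ensures that a misconfigured client fails instead of being silently accepted.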
Copyright © 2009 CA. All rights reserved.