Stephen,
Ah. I did not realize that. I thought some directory information might be coming over in plaintext as with normal LDAP binds. Since this is not the case, I'm happy!
Thanks!
-Chris
On Wed, Jul 24, 2013 at 4:39 PM, Stephen Gallagher sgallagh@redhat.comwrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/24/2013 03:50 PM, Chris Hartman wrote:
Hi guys!
Is there anyway I can force my SSSD clients running 1.9.5 (Ubuntu 12.04) and 1.9.2 (CentOS 6) to bind to LDAPs (port 636) instead of LDAP (port 389) when my providers are all set to "ad"?
Why would you want to do this? The GSSAPI communication provided by the Kerberos keytab is already encrypting all communication you send on port 389. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHwO3AACgkQeiVVYja6o6OwTQCeLNHFZIqOUz15ho4YrsYa0q7G Zx0AnjSY3GJsY4Qtyyvr7fsNnkp3OlEk =VLIv -----END PGP SIGNATURE----- _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users