1 Topic by alex42

  • alex42
  • Member
  • Offline
  • Registered: 2013-08-26
  • Posts: 147

Topic: How can I force LDAP to accept only connections secured over STARTTLS

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.7
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

I want to enable access to my LDAP installed by iRedMail to another server. Therefor I want to be sure that every connection is encrypted by StartTLS. I've found a tutorial which explains howto secure LDAP by STARTTLS and howto enforce a connection over STARTTLS. Can this be done as well for the LDAP installed by iRedMail? And what would I have to do?

Thanks in advance!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by alex42

  • alex42
  • Member
  • Offline
  • Registered: 2013-08-26
  • Posts: 147

Re: How can I force LDAP to accept only connections secured over STARTTLS

Here is the guide which I mentioned:

https://www.digitalocean.com/community/ … g-starttls

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: How can I force LDAP to accept only connections secured over STARTTLS

I didn't find such parameter. You'd better ask in OpenLDAP mailing list instead.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: How can I force LDAP to accept only connections secured over STARTTLS

One possible solution is: don't configure your OpenLDAP to listen on ldap://. Instead, just listen on ldaps:// (it uses port 636 instead, not 389).