Sun Directory Server Enterprise Edition 7.0 Administration Guide

Disabling Non Secure Communication

When a server instance is created, both an LDAP clear port and a secure LDAP port (LDAPS) are created by default. However, there might be situations where you want to disable non-SSL communications so that the server communicates only through SSL.

The SSL connection is enabled with a default self-signed certificate. If you want to, you can install your own certificates. For instructions on managing certificates and disabling SSL after the server has been started, see Chapter 5, Directory Server Security. For an overview of certificates, certificate databases, and obtaining a CA-signed server certificate, see Sun Directory Server Enterprise Edition 7.0 Reference.

To Disable the LDAP Clear Port

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Disable the LDAP clear port.

    To disable the non-secure port, you must bind to the LDAP secure port. This example shows a bind to the default LDAP secure port, 1636, on the host server host1.

    $ dsconf set-server-prop -h host1 -P 1636 ldap-port:disabled

  2. Restart the server for the change to take effect.

    $ dsadm restart /local/dsInst

    You can no longer bind on the non-secure port, 1389.
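
A check to run from a client host after the restart, added here as an example and not part of the Sun guide: it confirms that the clear port (1389 on this page) refuses TCP connections while the secure port (1636) still answers, so that a stopped server or a firewall is not mistaken for a disabled port. It assumes bash and the coreutils `timeout` command on the client; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example: verify the result of the procedure from a client host.
# host1, 1389 and 1636 are the values used on this page; the function names
# below are hypothetical and belong to this example only.

# port_state HOST PORT -> prints open | closed | filtered
# Opens bash's /dev/tcp pseudo-device under `timeout`, so a firewall that
# silently drops packets is reported as "filtered" instead of hanging.
port_state() {
    local host=$1 port=$2 rc=0
    timeout 3 bash -c ': </dev/tcp/"$0"/"$1"' "$host" "$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;   # timeout expired: no answer at all
        *)   echo closed ;;     # connection refused, or host not reachable
    esac
}

# verdict CLEAR_STATE SECURE_STATE -> prints one line; returns 0 only when
# the clear port is shut AND the secure port still accepts connections.
verdict() {
    local clear=$1 secure=$2
    if [ "$secure" != open ]; then
        echo "FAIL: LDAPS port is $secure; server down or unreachable, result not conclusive"
        return 2
    fi
    case $clear in
        closed)   echo "OK: clear port refuses connections, LDAPS answers" ;;
        filtered) echo "WARN: clear port is filtered, not closed; a firewall may be masking a listener"
                  return 1 ;;
        *)        echo "FAIL: clear port still accepts connections; was the server restarted?"
                  return 1 ;;
    esac
}

# check_instance HOST [CLEAR_PORT] [SECURE_PORT]
check_instance() {
    local host=$1 clear_port=${2:-1389} secure_port=${3:-1636}
    verdict "$(port_state "$host" "$clear_port")" "$(port_state "$host" "$secure_port")"
}

# Runs only when a host is given, e.g.: ./check-ldap-ports.sh host1 1389 1636
if [ "$#" -gt 0 ]; then check_instance "$@"; fi
```

A TCP-level check only shows that nothing listens on the clear port; it does not inspect the server's `ldap-port` property itself.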