When a server instance is created, both an LDAP clear port and a secure LDAP port (LDAPS) are created by default. However, there might be situations where you want to disable non-SSL communications so that the server communicates only through SSL.
The SSL connection is enabled with a default self-signed certificate. If you want to, you can install your own certificates. For instructions on managing certificates and disabling SSL after the server has been started, see Chapter 5, Directory Server Security. For an overview of certificates, certificate databases, and obtaining a CA-signed server certificate, see Sun Java System Directory Server Enterprise Edition 6.2 Reference.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Disable the LDAP clear port.
To disable the non secure point, you must bind to the LDAP secure port. This example shows a bind to the default LDAP secure port, 1636, on the host server host1.
$ dsconf set-server-prop -h host1 -P 1636 ldap-port:disabled
Restart the server for the change to take effect.
$ dsadm restart /local/ds
You can now no longer bind on the non secure port 1389.