
[jira] Commented: (DIRSERVER-639) allow to run ldaps only

by JIRA jira@apache.org


    [ https://issues.apache.org/jira/browse/DIRSERVER-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12615010#action_12615010 ]

Allen Wittenauer commented on DIRSERVER-639:
--------------------------------------------

The problem with the "use a firewall" solution is that sometimes firewalls fail.  It is much better if the app doesn't open the port at all.

Also, running ADS as non-root isn't the point; protecting the data going over the wire is the concern.  Non-SSL LDAP traffic can be sniffed.

> allow to run ldaps only
> -----------------------
>
>                 Key: DIRSERVER-639
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-639
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>         Environment: all
>            Reporter: Ralf Hauser
>             Fix For: 1.5.5
>
>
> In our environment, we should not disclose anything without encrypting it in transmission.
> When trying to only start ldaps by simply not setting
>    cfg.setLdapPort(...);
> apparently the default 389 is taken, which in turn cannot be used if apacheDs is not started as root...
> How can I avoid just
>   cfg.setLdapPort(2389);
> or at least shut it down immediately afterwards?
> see also DIR-185

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
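The posture argued for above (no plaintext listener at all, only LDAPS) is easy to verify from the outside. The following audit script is an added example, not code from the thread or from ApacheDS; the port numbers are assumptions (389 and 2389 are the ones mentioned in the issue, 636 is the conventional LDAPS port), and `verify=False` is only for self-signed test certificates.

```python
import socket
import ssl

# Added example: confirm a directory host exposes only an encrypted listener.
# Ports are assumptions; adjust them to the deployment being checked.


def tcp_accepts(host, port, timeout=2.0):
    """Return True if a plain TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_handshake_ok(host, port, timeout=2.0, verify=True):
    """Return True if a TLS handshake completes on host:port (the LDAPS listener)."""
    ctx = ssl.create_default_context()
    if not verify:  # self-signed test certificate: still encrypted, just unverified
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ssl.SSLError):
        return False


def audit_ldap_exposure(host, plain_ports=(389, 2389), ldaps_port=636, verify=True):
    """Report which plaintext LDAP ports accept connections and whether LDAPS answers.

    "ldaps_only" is True exactly when no plaintext port accepts a connection
    and the LDAPS port completes a TLS handshake.
    """
    open_plain = [p for p in plain_ports if tcp_accepts(host, p)]
    ldaps_ok = tls_handshake_ok(host, ldaps_port, verify=verify)
    return {
        "plaintext_ports_open": open_plain,
        "ldaps_ok": ldaps_ok,
        "ldaps_only": not open_plain and ldaps_ok,
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    result = audit_ldap_exposure(target, verify=False)
    print(result)
    sys.exit(0 if result["ldaps_only"] else 1)
```

Run it against the directory host after startup (and after any firewall change) so that a plaintext listener reappearing is caught regardless of whether the firewall rule still holds.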
