IBM Support

How to Disable the Non-secure Port for IBM Tivoli Directory Server (LDAP)

Question & Answer


Question

How can I disable the non-secure port for the IBM Tivoli Directory Server (LDAP), leaving only the TLS port available?

Answer

NOTE: The steps below assume that the default LDAP server instance name (QUSRDIR) is being used. If a custom LDAP instance name is being used, replace this value in the command below.
1) On the IBM i command line type:
EDTF '/qibm/userdata/os400/dirsrv/idsslapd-QUSRDIR/etc/ibmslapd.conf'
2) Scroll down and change this:
ibm-slapdSecurity: SSLTLS
to this:
ibm-slapdSecurity: SSLOnly
Press F3 twice to save and exit the file.
3) Stop and restart the LDAP server. *DFT can be used for the instance when the LDAP instance name is QUSRDIR; replace this value with the name of the instance if a custom LDAP instance has been created.

ENDTCPSVR SERVER(*DIRSRV) INSTANCE(*DFT)

STRTCPSVR SERVER(*DIRSRV) INSTANCE(*DFT)
Once these steps are performed, only the TLS port of 636 should be available to accept connections for the LDAP server. The non-secure port of 389 will no longer be active.
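
To confirm the change took effect, the check below is an added example (not IBM-supplied code): it audits the text of ibmslapd.conf for the ibm-slapdSecurity value and, from a client machine, tests that port 389 refuses connections while port 636 completes a TLS handshake. The function names, the sample configuration text and the host name you pass in are assumptions for illustration.

```python
import socket
import ssl

# Constructed sample in the "attribute: value" layout of ibmslapd.conf.
# The dn and ibm-slapdSecurePort lines are assumed context, not from the page.
SAMPLE_CONF = """\
dn: cn=SSL, cn=Configuration
ibm-slapdSecurePort: 636
ibm-slapdSecurity: SSLTLS
"""

def security_values(conf_text):
    """Return every ibm-slapdSecurity value found, skipping comment lines."""
    values = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "ibm-slapdsecurity":
            values.append(value.strip())
    return values

def tls_only_configured(conf_text):
    """True only when the setting is present and every occurrence is SSLOnly."""
    values = security_values(conf_text)
    return bool(values) and all(v.lower() == "sslonly" for v in values)

def tcp_accepts(host, port, timeout=3.0):
    """True if a plain TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_handshake_ok(host, port=636, timeout=3.0):
    """True if a certificate-validated TLS handshake succeeds on host:port."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:  # covers ssl.SSLError and certificate failures
        return False

def verify_endpoint(host):
    """Run after the restart; both values should be True."""
    return {"389_closed": not tcp_accepts(host, 389),
            "636_tls": tls_handshake_ok(host)}
```

A False result for 636_tls can also mean the server certificate is not trusted by the client running the check, since the handshake validates the certificate chain and host name.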


Document Information

Modified date:
13 March 2025

UID

ibm17185708