9.1.9.7. Information Flow Enforcement¶

Since TCPWrappers has a default deny policy in place, a specific entry is added to allow all hosts to connect to the slapd service.

The OpenLDAP module explicitly opens up ports 389 (LDAP) and 636 (LDAPS) using IPTables rules. The connecting source IPs are limited to the value of $simp_options::trusted_nets which for most installs is the local network.

References: AC-4 : INFORMATION FLOW ENFORCEMENT

Read the Docs v: master

Versions: master; latest; stable; 6.6.0; 6.5.0-3; 6.5.0-2; 6.5.0-1; 6.4.0-0; 6.3.3; 6.3.0-0; 6.2.0-0; 6.1.0-0; 6.0.0-0; 5.2.1-0; 5.2.0-0; 5.1.0-3; 5.1.0-2; 5.1.0-1; 5.1.0-0; 4.3.1-0; 4.3.0-0; 4.2.0-2; 4.2.0-1; 4.2.0-0; simp-maint-example-role-formatting; simp-maint-example-fixes

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.