Security Hardening

TBD: Additional Instructions

Restricting Connection Handlers

Disable LDAP Handler

Disable the plain LDAP connection handler:

$ ./dsconfig set-connection-handler-prop --handler-name "LDAP Connection Handler" --set enabled:false

Update SSL Protocols

Allow only the TLSv1.2 and TLSv1.3 protocols on the LDAPS connection handler:

$ ./dsconfig set-connection-handler-prop --handler-name 'LDAPS Connection Handler' --set ssl-protocol:TLSv1.2 --set ssl-protocol:TLSv1.3

Allow only the TLSv1.2 and TLSv1.3 protocols on the Admin connection handler (the administration connector):

$ ./dsconfig set-administration-connector-prop --set ssl-protocol:TLSv1.2 --set ssl-protocol:TLSv1.3
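
To confirm the three settings above actually landed, the following added example (not part of the original instructions or of the server's own tooling) audits an LDIF copy of the server configuration. It assumes the configuration is stored as LDIF with the attributes ds-cfg-enabled and ds-cfg-ssl-protocol and with the entry names shown; check both against your server before relying on it. The sample input is constructed.

```python
import re

ALLOWED = {"TLSv1.2", "TLSv1.3"}
# Assumption: entry and ds-cfg-* attribute names as in an LDIF server config.
PLAIN = "cn=ldap connection handler"
TLS_ENTRIES = ("cn=ldaps connection handler", "cn=administration connector")

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return findings; an empty list means the settings from this page hold."""
    findings = []
    for entry in parse_ldif(text):
        rdn = entry["dn"][0].split(",")[0].strip().lower()
        if rdn == PLAIN and entry.get("ds-cfg-enabled", [""])[0].lower() != "false":
            findings.append(f"{rdn}: plain LDAP handler is not disabled")
        elif rdn in TLS_ENTRIES:
            protocols = entry.get("ds-cfg-ssl-protocol", [])
            if not protocols:
                findings.append(f"{rdn}: no ssl-protocol set, defaults apply")
            for weak in sorted(set(protocols) - ALLOWED):
                findings.append(f"{rdn}: protocol {weak} is allowed")
    return findings

# Constructed sample, not from a real server: LDAPS still permits TLSv1.1.
SAMPLE = """\
dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-enabled: true

dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-ssl-protocol: TLSv1.1
ds-cfg-ssl-protocol: TLSv1.2

dn: cn=Administration Connector,cn=config
ds-cfg-ssl-protocol: TLSv1.2
ds-cfg-ssl-protocol: TLSv1.3
"""
```

Call audit() on the text of the configuration file; each returned string names the entry and the setting that still needs one of the dsconfig commands above.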