To configure your LDAP server to listen only on the secure port, stop the server, edit the cn=config entry in the main server configuration file, dse.ldif, change the value of nsslapd-port to 0, save the file, and restart the server.
When nsslapd-port is set to 0, the server does not listen for non-secure connections. If the attribute is not present in the entry, add it as the last line of the cn=config entry: make sure there are no empty lines before it, and that there is a single empty line after it, before the start of the next entry.
Example:
Stop your LDAP instance:
stop-dirsrv "instance name"
Back up and edit the main configuration file:
cp -p /etc/dirsrv/slapd-<instance-name>/config/dse.ldif /etc/dirsrv/slapd-<instance-name>/config/dse.ldif-`/bin/date +%F-%R`
vi /etc/dirsrv/slapd-<instance-name>/config/dse.ldif
Under dn: cn=config, change from:
nsslapd-port: 389
to:
nsslapd-port: 0
Then restart your LDAP instance:
start-dirsrv "instance name"
You should see something similar to this in the error logs:
[17/Sep/2007:15:08:57 -0700] - Information: Non-Secure Port Disabled, server only contactable via secure port
Enter PIN for Internal (Software) Token:
[17/Sep/2007:15:09:04 -0700] - Red Hat-Directory/7.1 SP3 B2006.207.178 starting up
[17/Sep/2007:15:09:06 -0700] - Listening on All Interfaces port 636 for LDAPS requests
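The manual edit and the log check above can be scripted. The following is an added example, not part of the original page or of the Directory Server tooling; the function names and sample data are hypothetical. It assumes the cn=config DN is written on one unfolded line, and it should be run against a copy of dse.ldif while the server is stopped.

```python
import re

PORT_ATTR = re.compile(r"nsslapd-port\s*:", re.I)
CONFIG_DN = re.compile(r"dn:\s*cn=config\s*", re.I)
LISTEN = re.compile(r"Listening on .* port (\d+) for (\w+) requests")

def disable_plain_port(ldif_text):
    """Return dse.ldif text with nsslapd-port: 0 in the cn=config entry."""
    out, in_config, done, found = [], False, False, False
    for line in ldif_text.split("\n"):
        if CONFIG_DN.fullmatch(line):
            # Exact match only: many other DNs in dse.ldif end in cn=config.
            in_config = found = True
        elif in_config and line == "":
            # Blank line closes the entry; add the attribute as its last line.
            if not done:
                out.append("nsslapd-port: 0")
                done = True
            in_config = False
        elif in_config and PORT_ATTR.match(line):
            line, done = "nsslapd-port: 0", True
        out.append(line)
    if not found:
        raise ValueError("no 'dn: cn=config' entry found")
    if in_config and not done:
        # Entry ran to end of file with no terminating newline.
        out += ["nsslapd-port: 0", ""]
    return "\n".join(out)

def listeners(error_log_text):
    """Return (port, protocol) pairs from 'Listening on ...' startup lines."""
    return [(int(p), proto) for p, proto in LISTEN.findall(error_log_text)]

# Constructed sample: a minimal dse.ldif fragment, not a real configuration.
SAMPLE_LDIF = (
    "dn: cn=config\n"
    "objectClass: top\n"
    "nsslapd-port: 389\n"
    "nsslapd-securePort: 636\n"
    "\n"
    "dn: cn=plugins,cn=config\n"
    "objectClass: top\n"
)
# Log line in the format shown on this page.
SAMPLE_LOG = ("[17/Sep/2007:15:09:06 -0700] - Listening on All Interfaces "
              "port 636 for LDAPS requests\n")

if __name__ == "__main__":
    print(disable_plain_port(SAMPLE_LDIF))
    print(listeners(SAMPLE_LOG))
```

After a restart, listeners() run over the error log should report only the LDAPS port; any other entry means the non-secure listener is still enabled.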
To configure SSL, please refer to: