[Date Prev][Date Next] [Chronological] [Thread] [Top]

Having an issue with SSF

To: openldap-software@openldap.org
Subject: Having an issue with SSF
From: Pat Riehecky <prieheck@iwu.edu>
Date: Thu, 31 Jan 2008 10:39:20 -0600
Organization: Illinois Wesleyan University

I am trying to take advantage of the localSSF option in OpenLDAP 2.4.
This system will only allow one user to login and I like to leave a door
for me to get back in if I forget the admin password.

My goal is to get the local socket running with no security and require
anyone using a TCP connection to use TLS with at least a 3DES cypher.  I
would prefer updates happen over a higher grade encyption, but eh....

In doing so I have put the following in my slapd.conf

.....

localSSF 0
sasl-secprops noplain,noanonymous,minssf=112
security ssf=112 update_ssf=128 simple_bind=112 tls=112

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         hdb

......

It seems I have done something a great deal wrong.  The system is now
enforcing strong authentication over ldapi:/// this is the exact
opposite of my plan.

What on earth did I do wrong?

Pat

Debian Etch, packages from sid.

Follow-Ups:
- Re: Having an issue with SSF
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Having an issue with SSF
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: 2.3.39 syncrepl lost connection
Next by Date: Re: Having an issue with SSF
Index(es):
- Chronological
- Thread