
Re: ldapi -> "Confidentiality required" problem



Gunnar Frenzel <Gunnar_Frenzel@web.de> writes:

> Dieter Kluenter schrieb:
>> "Dieter Kluenter" <dieter@dkluenter.de> writes:
> [...]
>>> [...]
>>>> security ssf=128
>>> [...]
>>> The hard coded ssf for ldapi is 71, so you have to reduce security
>>> ssf.
>
> When I change security ssf=128 to a lower value then this affects not
> only ldapi but ldaps as well, right? I want to leave ldaps to require
> TLS but reduce security for ldapi only, so I could not achieve this by
> reducing security ssf?

Actually, ldaps is TLS; you cannot connect to port 636 without proper
TLS configuration on server and client side. In fact TLSCipherSuite
MEDIUM defines 128 bit ciphers.
man slapd.conf(5) offers a variety of ssf options, just an example:

security
        ssf=1
        sasl=56
        tls=128

thus the default ssf for ldapi is applied

>> the default ssf for ldapi can be modified by adding localSSF <ssf> to
>> slapd.conf(5).
>
> As I wrote I tried adding:
> localSSF	0
> to slapd.conf but this didn't change the behaviour at all. :(

localSSF 128 would overwrite the default value.


-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
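
The following is an added example, not part of the message above or of OpenLDAP itself: a small checker that reads `security` and `localSSF` from slapd.conf text, including the continuation-line form shown in the message, and compares the SSF assigned to ldapi sessions with the required overall `ssf=`. The function names and sample configurations are constructed for illustration; it assumes the ldapi default of 71 stated in the thread and does not evaluate the `tls=` or `sasl=` factors, which it only reports back.

```python
# Added example (not from the thread): models only the overall "ssf="
# factor of slapd.conf's "security" directive for ldapi:// sessions.
DEFAULT_LOCAL_SSF = 71  # SSF the thread gives for ldapi when localSSF is unset


def logical_lines(conf_text):
    """Join continuation lines: slapd.conf treats a line that starts with
    whitespace as a continuation of the previous line."""
    lines = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def check_ldapi(conf_text):
    """Compare the SSF given to ldapi sessions with the required 'ssf='."""
    local_ssf, required = DEFAULT_LOCAL_SSF, {}
    for line in logical_lines(conf_text):
        words = line.split()
        key = words[0].lower()
        if key == "localssf" and len(words) > 1:
            local_ssf = int(words[1])
        elif key == "security":
            for factor in words[1:]:
                name, _, value = factor.partition("=")
                if value.isdigit():
                    required[name.lower()] = int(value)
    need = required.pop("ssf", 0)
    return {"local_ssf": local_ssf, "required_ssf": need,
            "ok": local_ssf >= need, "not_evaluated": required}


# Constructed sample configurations based on the directives quoted above.
SAMPLES = {
    "ssf=128, no localSSF": "security ssf=128\n",
    "ssf=128, localSSF 0": "security ssf=128\nlocalSSF\t0\n",
    "ssf=128, localSSF 128": "security ssf=128\nlocalSSF 128\n",
    "split form": "security\n        ssf=1\n        sasl=56\n        tls=128\n",
}

if __name__ == "__main__":
    for label, conf in SAMPLES.items():
        print(label, check_ldapi(conf))
```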