[Date Prev][Date Next] [Chronological] [Thread] [Top]

ssf=0 disallowd in ACLs

I'm sorry if I'm misunderstanding the behavior I'm seeing, but let me
try to be brief, and helpful here in describing the issue I'm seeing:

In ACLs (OpenLDAP 2.2.15, 2.2.16 are what I tested), ssf=0 triggers
the following error:

  /etc/openldap/slapd.conf: line 122: invalid ssf value (0)

There might in fact be a good reason for dropping the default security
level.  E.g., in some scenarios it's perfect appropriate if the remote
host is local (, suppose) for authentication to occur cleartext
over an unencrypted link, even though everywhere else this might not be


Richard L. Goerwitz III		   Email: Richard.Goerwitz@Carleton.edu
Phone: +1 507 646 5526				   Fax: +1 507 646 4537
PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF  82D3 0B7D EA19 F425 B0E0