[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssf=0 disallowd in ACLs

To: rgoerwit@carleton.edu
Subject: Re: ssf=0 disallowd in ACLs
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 13 Sep 2004 13:39:29 -0700
Cc: openldap-bugs@OpenLDAP.org
In-reply-to: <4145F835.7090707@carleton.edu>
References: <200408171939.i7HJdITi015917@boole.openldap.org> <4145E0F2.6040506@carleton.edu> <6.1.2.0.0.20040913114136.041d9698@127.0.0.1> <4145F835.7090707@carleton.edu>

At 12:42 PM 9/13/2004, Richard L. Goerwitz III wrote:
>Kurt D. Zeilenga wrote:
>
>>>I'm sorry if I'm misunderstanding the behavior I'm seeing, but let me
>>>try to be brief, and helpful here in describing the issue I'm seeing:
>>>
>>>In ACLs (OpenLDAP 2.2.15, 2.2.16 are what I tested), ssf=0 triggers
>>>the following error:
>>>
>>>/etc/openldap/slapd.conf: line 122: invalid ssf value (0)
>>This is intended behavior.  If one doesn't want to require
>>any protective services, one simply shouldn't specify an SSF
>>value.
>
>Under normal circumstances I might supply defaults as follows:
>
>  security update_ssf=128 simple_bind=63

Seems to me that you are confused as to the proper usage of
these and other slapd.conf(5) directives (as the above
doesn't supply "defaults" of any sort).  Questions regarding
usage are more appropriately directed to the OpenLDAP-software
mailing list.

Kurt

References:
- ssf=0 disallowd in ACLs
  - From: "Richard L. Goerwitz III" <rgoerwit@carleton.edu>
- Re: ssf=0 disallowd in ACLs
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ssf=0 disallowd in ACLs
  - From: "Richard L. Goerwitz III" <rgoerwit@carleton.edu>

Prev by Date: Re: ssf=0 disallowd in ACLs
Next by Date: Re: Syncrepl nits with operational attributes (ITS#3289)
Index(es):
- Chronological
- Thread