[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Increase default olcLocalSSF to 128

I wrote:
(...) any particular value will be wrong for someone.
Depends on how safe your filesystem setup is and whether it's easier
to break in to get at the ldapi socket than it is to just attack slapd.

I forgot:

You could forge ldapi: credentials in early OpenLDAP versions,
depending on whether the OS provided a safe way to pass user
credentials or not.  There's some hack in place now for OSes which
don't, but I seem to remember I never felt all that trustful of it.