[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapi security level?

At 09:23 AM 6/27/2004, Hallvard B Furuseth wrote:
>Isn't ldapi:/// secure?

It is not completely without fear of risk; but generally
the fear is generally considered low in comparison to
other schemes.

>slapd.conf contains:
>  # Require TLS/SSL for Simple Bind with password and for updates.
>  security      simple_bind=128 update_ssf=128
>  # Don't accept unprotected passwords, d'ont show passwords.
>  access to attr=userPassword by * ssf=128 auth

ldapi:/// has an implicit SSF of 71 (LDAP_PVT_SASL_LOCAL_SSF
in ldap_pvt.h).  You can reset this if you find it too low
(or too high).