Re: Center for Internet Security benchmark for OpenLDAP

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Thursday 27 September 2007 20:09:19 Howard Chu wrote:
> > Unfortunately, they show configuration for slurpd in their section
> > on "Redundant LDAP Servers".
> >
> > I wonder if it is worthwhile providing CIS with feedback?
>
> Now that you've pointed it out, I went and downloaded it. I find the
> quality of the editing of this document to be pretty abysmal, but the
> factual content is at least fixable. I'll be sending some feedback to the
> editor shortly.
>
> As usual, if you want to know "best practices", the best way to get that is
> just to ask us or read the docs we've already written...

Indeed, but unfortunately our esteemed security group bases their security 
standards on the CIS benchmarks (usually their changes reduce the technical 
quality at the expense of formatting etc.), so I suspect at some stage I'll 
be getting questions about an OpenLDAP standard (and I'll probably have to 
fix it up more than I have the Linux one ...).

Regards,
Buchan