[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Center for Internet Security benchmark for OpenLDAP

--On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu <hyc@symas.com> wrote:

 >> 2.15 Require Protection For Simple Bind
 >> Although this directive is
 >> redundant the to the simple_bind security factor, it is still
 >> as it is vital to protect the authentication process. Of course the
 >> setting allows greater control of the ciphers used. Discussion: The
 >> 'disallow bind_simple_unprotected' directive requires at least some
 >> of encryption before simple password bind operations are allowed.
 >> bind_simple_unprotected
 > There is no such directive in OpenLDAP. Where did this recommendation
come from?

There used to be, though. The current equivalent is:

security simple_bind=0



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration