[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Center for Internet Security benchmark for OpenLDAP

Quanah Gibson-Mount wrote:
--On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu <hyc@symas.com> wrote:
 >> disallow
 >> bind_simple_unprotected

 > There is no such directive in OpenLDAP. Where did this recommendation
 > come from?

There used to be, though.

Hm, a grep through my source tree shows it was added in 2.1.5 and removed around 2.1.7, October 2002. It was only in the code for a month or two. For a document written in August 2007 purportedly about OpenLDAP 2.3, there's really no basis for this recommendation; it's the equivalent of folklore and old wives' tales. Not exactly a sound foundation for a security policy.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/