[Date Prev][Date Next]
Re: Seems I do not understand the ssf entries..... either that or something a bit more strange.
--On June 12, 2008 5:01:28 PM -0500 Pat Riehecky <email@example.com> wrote:
From the doc ( http://www.openldap.org/doc/admin24/security.html )
security controls disallow operations when appropriate protections are
not in place. For example:
security ssf=1 update_ssf=112
In an ideal world I would like security update_ssf=128 simple_bind=112
to be working (force 3DES or better for a bind, for AES or better for an
update), but I will settle for what must I do to make the documented
example work for me?
Build your own OpenLDAP linked against OpenSSL, and use a strong key for
generating the cert used by OpenLDAP.
I also suggest searching the OpenLDAP-devel archives as to why using GnuTLS
is considered harmful.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration