I have locked down my server to disallow anonymous binds and set the
SSF=128. I also have SaslSecProps: noplain,noanonymous,minssf=128
Which all seems to work fine for my usage with one exception. If I try to
use any of the command line tools with "-Y EXTERNAL -H ldapi:///", I now
get:
additional info: SASL(-15): mechanism too weak for this user: mech EXTERNAL
is too weak
Is there some configuration item that I can change to allow that work while
maintaining my existing policy of no anonymous binds for everything else,
etc?