[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAPI mechanism too weak for this user
Am Thu, 7 Apr 2016 16:16:47 -0400
schrieb Frank Crow <fjcrow2008@gmail.com>:
> I have locked down my server to disallow anonymous binds and set the
> SSF=128. I also have SaslSecProps: noplain,noanonymous,minssf=128
>
> Which all seems to work fine for my usage with one exception. If I
> try to use any of the command line tools with "-Y EXTERNAL -H
> ldapi:///", I now get:
>
> additional info: SASL(-15): mechanism too weak for this user: mech
> EXTERNAL is too weak
>
> Is there some configuration item that I can change to allow that work
> while maintaining my existing policy of no anonymous binds for
> everything else, etc?
The default ssf for ldapi is 71, but you may configure a security
strength factor to your liking. See manual page slapd.conf(5) localSSF.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E