[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapmodify -Y EXTERNAL failure - Confidentiality required (13)

On Tue, Jul 24, 2018 at 10:38:10AM -0700, Mark Foster wrote:
The log says
slapd[1266]: conn=6619437 op=0
BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
mech=EXTERNAL sasl_ssf=0 ssf=71

This is my olcSecurity setting:
olcSecurity: ssf=128 simple_bind=128

How would I fix this? It seems to be a catch-22.

The olcLocalSSF setting controls the SSF assigned to ldapi:// connections. Your log above shows that your connection got an SSF of 71, which is the default value for olcLocalSSF; meanwhile you've configured olcSecurity to require a minimum of 128. So you need to increase olcLocalSSF to at least 128, or reduce olcSecurity.