
ssf=0 disallowed in ACLs



I'm sorry if I'm misunderstanding the behavior I'm seeing, but let me
try to be brief and helpful here in describing the issue I'm seeing:

In ACLs (OpenLDAP 2.2.15, 2.2.16 are what I tested), ssf=0 triggers
the following error:

  /etc/openldap/slapd.conf: line 122: invalid ssf value (0)

There might in fact be a good reason for dropping the default security
level.  E.g., in some scenarios it's perfectly appropriate if the remote
host is local (127.0.0.1, suppose) for authentication to occur cleartext
over an unencrypted link, even though everywhere else this might not be
permitted.

--

Richard L. Goerwitz III		   Email: Richard.Goerwitz@Carleton.edu
Phone: +1 507 646 5526				   Fax: +1 507 646 4537
PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF  82D3 0B7D EA19 F425 B0E0