[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapi security level?

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: ldapi security level?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 27 Jun 2004 10:45:51 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <HBF.20040627ijw9@bombur.uio.no>
References: <HBF.20040627ijw9@bombur.uio.no>

At 09:23 AM 6/27/2004, Hallvard B Furuseth wrote:
>Isn't ldapi:/// secure?

It is not completely without fear of risk; but generally
the fear is generally considered low in comparison to
other schemes.

>slapd.conf contains:
>
>  # Require TLS/SSL for Simple Bind with password and for updates.
>  security      simple_bind=128 update_ssf=128
>  # Don't accept unprotected passwords, d'ont show passwords.
>  access to attr=userPassword by * ssf=128 auth

ldapi:/// has an implicit SSF of 71 (LDAP_PVT_SASL_LOCAL_SSF
in ldap_pvt.h).  You can reset this if you find it too low
(or too high).

Kurt

References:
- ldapi security level?
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: ldapi security level?
Next by Date: Re: ldapi security level?
Index(es):
- Chronological
- Thread