
Re: forcing encryption for external server access while allowing unencrypted localhost connections
Kurt D. Zeilenga wrote:

You've required more confidentiality protection than ldapi://
purports to provide.  The ldapi:// is, by default, only 71.
You can change the SSF by defining the macro LDAP_PVT_LOCAL_SSF
in your CPPFLAGS.
Hi Kurt,

Thanks for the response. I recompiled OpenLDAP with this option. In fact here are all my flags/options/configure statements:

export CPPFLAGS='-I/usr/local/BerkeleyDB.4.2/include -I/usr/include -I/usr/include/openssl -DOPENSSL_NO_KRB5 -DLDAP_PVT_LOCAL_SSF'
export LDFLAGS='-L/usr/local/BerkeleyDB.4.2/lib -L/lib/tls -L/lib'
./configure --sysconfdir=/etc --enable-bdb=yes --disable-ldbm
make
sudo make install
Then I start slapd:

/usr/local/libexec/slapd -u ldap -g ldap -h "ldap://10.10.10.50:389 ldapi:///"

And then I still get this:

search: 2
result: 13 Confidentiality required
text: stronger confidentiality required

And of course, like I said, I have "security ssf=128" in the /etc/openldap.conf global configuration.

regards,

CP
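As an added example (not from this thread and not OpenLDAP's own code), the POSIX shell check below works out what SSF a build will assign to ldapi:// sessions from a CPPFLAGS string and compares it with a `security ssf=N` requirement. It assumes the macro behaves as Kurt describes, takes the default of 71 from his reply, and relies on the C preprocessor rule that a bare `-DNAME` defines NAME as 1; it also handles `-U`, which the thread does not mention.

```shell
#!/bin/sh
# Added example: predict the SSF slapd will give ldapi:// connections from the
# CPPFLAGS used at build time. Assumptions: LDAP_PVT_LOCAL_SSF is honoured as
# described in the thread, its default is 71, and the C preprocessor defines a
# bare "-DNAME" as 1 (so "-DLDAP_PVT_LOCAL_SSF" alone yields SSF 1, not 128).

# Print the value LDAP_PVT_LOCAL_SSF will have after preprocessing $1 (CPPFLAGS).
# Later flags override earlier ones, as the preprocessor applies them in order.
effective_local_ssf() {
    last=71                                   # OpenLDAP default for ldapi://
    for tok in $1; do
        case "$tok" in
            -DLDAP_PVT_LOCAL_SSF=*) last="${tok#-DLDAP_PVT_LOCAL_SSF=}" ;;
            -DLDAP_PVT_LOCAL_SSF)   last=1 ;;  # bare -D means "#define X 1"
            -ULDAP_PVT_LOCAL_SSF)   last=71 ;; # undefine restores the default
        esac
    done
    echo "$last"
}

# Return 0 when local sessions satisfy "security ssf=$2"; return 1 when slapd
# would answer "13 Confidentiality required" as in the poster's search output.
local_ssf_ok() {
    have=$(effective_local_ssf "$1")
    if [ "$have" -ge "$2" ]; then
        echo "ldapi:// SSF $have >= required $2: OK"
        return 0
    fi
    echo "ldapi:// SSF $have < required $2: expect result 13 Confidentiality required"
    return 1
}

# Constructed inputs: the bare -D form from the post, and the explicit-value form.
poster_flags='-I/usr/local/BerkeleyDB.4.2/include -DOPENSSL_NO_KRB5 -DLDAP_PVT_LOCAL_SSF'
fixed_flags='-I/usr/local/BerkeleyDB.4.2/include -DOPENSSL_NO_KRB5 -DLDAP_PVT_LOCAL_SSF=128'

local_ssf_ok "$poster_flags" 128 || true   # reports SSF 1, the failing case
local_ssf_ok "$fixed_flags" 128            # reports SSF 128, which meets ssf=128
```

The check only models the build flag; after rebuilding, confirm the running server's behaviour by repeating the search over `ldapi:///` with `security ssf=128` still set.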