Hi
On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
> You might ask on a list supporting the particular client you are using how to configure this client to secure LDAP with TLS (SSL).
Your previous post actually helped me identify the issue with this client, and I can get it to work now. The problem was (as you suggested) that even though it was using port 636, it would issue a Start TLS call, which on an SSL connection isn't going to work. I've raised a bug with the supplier on this matter.
    security <factors>
         Specify a set of security strength  factors  (separated
         by  white space) to require (see sasl-secprops's minssf
         option for a description of security strength factors).
         The  directive  may  be  specified globally and/or per-
         database.   ssf=<n>  specifies  the  overall   security
         strength factor.  transport=<n> specifies the transport
         security strength factor.  tls=<n>  specifies  the  TLS
         security  strength factor.  sasl=<n> specifies the SASL
         security strength factor.  update_ssf=<n> specifies the
         overall   security   strength  factor  to  require  for
         directory updates.  update_transport=<n> specifies  the
         transport  security  strength  factor  to  require  for
         directory updates.  update_tls=<n>  specifies  the  TLS
         security  strength  factor  to  require  for  directory
         updates.  update_sasl=<n> specifies the  SASL  security
         strength  factor  to  require  for  directory  updates.
         simple_bind=<n> specifies the security strength  factor
         required  for  simple username/password authentication.
         Note that the transport factor is measure  of  security
         provided  by  the  underlying  transport, e.g. ldapi://
         (and eventually IPSEC).  It is not normally used.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
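
The `security` directive quoted from the man page above, worked through as an added example (not part of either message and not OpenLDAP code). It parses a directive line and reports which minimums a connection fails for a given operation. The policy values, the operation names, and the rule that the overall factor is the strongest of the three layers are assumptions made for this simplified model.

```python
# Added illustration: a simplified model of the slapd.conf "security" directive.
# Not OpenLDAP code; the evaluation rules below are assumptions for this model.

KNOWN = {"ssf", "transport", "tls", "sasl", "update_ssf", "update_transport",
         "update_tls", "update_sasl", "simple_bind"}
LAYERS = ("ssf", "transport", "tls", "sasl")


def parse_security(line):
    """Parse 'security ssf=128 update_tls=256' into {factor: minimum}."""
    words = line.split()
    if not words or words[0] != "security":
        raise ValueError("not a security directive")
    required = {}
    for word in words[1:]:
        name, sep, value = word.partition("=")
        if not sep or name not in KNOWN or not value.isdigit():
            raise ValueError(f"bad factor: {word!r}")
        required[name] = int(value)
    return required


def violations(required, conn, op):
    """List the factors conn fails for op: 'simple_bind', 'read' or 'update'.

    conn maps 'transport', 'tls' and 'sasl' to the strength of each layer.
    """
    have = {k: conn.get(k, 0) for k in ("transport", "tls", "sasl")}
    have["ssf"] = max(have.values())  # assumption: overall = strongest layer
    failed = [f for f in LAYERS if have[f] < required.get(f, 0)]
    if op == "update":  # update_* minimums apply on top of the general ones
        failed += ["update_" + f for f in LAYERS
                   if have[f] < required.get("update_" + f, 0)]
    if op == "simple_bind" and have["ssf"] < required.get("simple_bind", 0):
        failed.append("simple_bind")
    return failed


# Constructed policy and connections, for illustration only.
POLICY = parse_security("security ssf=1 update_ssf=112 simple_bind=64")
PLAINTEXT = {}            # no TLS and no SASL security layer
OVER_TLS = {"tls": 256}   # e.g. ldaps:// or after a successful Start TLS

if __name__ == "__main__":
    for label, conn in (("plaintext", PLAINTEXT), ("tls", OVER_TLS)):
        for op in ("simple_bind", "read", "update"):
            print(label, op, violations(POLICY, conn, op) or "allowed")
```
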