Hi
On 1/22/07, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
> You might ask on a list supporting the particular client you are using how to configure this client to secure LDAP with TLS (SSL).

Your previous post actually helped me identify the issue with this client, and I can get it to work now. The problem was (as you suggested) that even though it was using port 636, it would issue a Start TLS call, which on an SSL connection isn't going to work. I've raised a bug with the supplier on this matter.
security <factors>
    Specify a set of security strength factors (separated by white space) to require (see sasl-secprops's minssf option for a description of security strength factors). The directive may be specified globally and/or per-database.

    ssf=<n> specifies the overall security strength factor.
    transport=<n> specifies the transport security strength factor.
    tls=<n> specifies the TLS security strength factor.
    sasl=<n> specifies the SASL security strength factor.
    update_ssf=<n> specifies the overall security strength factor to require for directory updates.
    update_transport=<n> specifies the transport security strength factor to require for directory updates.
    update_tls=<n> specifies the TLS security strength factor to require for directory updates.
    update_sasl=<n> specifies the SASL security strength factor to require for directory updates.
    simple_bind=<n> specifies the security strength factor required for simple username/password authentication.

    Note that the transport factor is a measure of security provided by the underlying transport, e.g. ldapi:// (and eventually IPSEC). It is not normally used.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
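
An added example, not part of the thread and not slapd's own code: a simplified Python model of the `security` directive quoted above, showing which required factors a session fails for a given operation. The function names, the session layout and the directive value are constructed; treating the overall `ssf` as the strongest of the transport, TLS and SASL factors, and comparing `simple_bind` against that overall value, are assumptions of this model.

```python
# Simplified model of the slapd.conf "security" directive (added example).
FACTORS = ("ssf", "transport", "tls", "sasl")
KEYS = set(FACTORS) | {"update_" + f for f in FACTORS} | {"simple_bind"}


def parse_security(line):
    """Parse 'security ssf=128 update_tls=256 ...' into {factor: int}."""
    words = line.split()
    if not words or words[0] != "security":
        raise ValueError("not a security directive")
    required = {}
    for word in words[1:]:
        key, sep, value = word.partition("=")
        if not sep or key not in KEYS or not value.isdigit():
            raise ValueError("bad factor: %r" % word)
        required[key] = int(value)
    return required


def unmet(required, session, op):
    """Return the sorted required factors that `session` fails for `op`.

    session: {"transport": n, "tls": n, "sasl": n}, missing layers count as 0.
    op: "search", "update" or "simple_bind" (hypothetical labels).
    """
    have = {f: session.get(f, 0) for f in ("transport", "tls", "sasl")}
    # Assumption: the overall factor is the strongest layer in effect.
    have["ssf"] = max(have.values())
    failed = []
    for key, need in required.items():
        if key == "simple_bind":
            # Only checked for simple username/password binds.
            if op == "simple_bind" and have["ssf"] < need:
                failed.append(key)
        elif key.startswith("update_"):
            # Only checked for directory updates.
            if op == "update" and have[key[len("update_"):]] < need:
                failed.append(key)
        elif have[key] < need:
            # Base factors apply to every operation.
            failed.append(key)
    return sorted(failed)


# Constructed directive: 128 overall, 256-bit TLS for writes.
POLICY = parse_security("security ssf=128 update_tls=256 simple_bind=128")
```

With this policy, a cleartext session on port 389 fails every operation, while a session protected by TLS at strength 128 can search and bind but not update.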