Re: Center for Internet Security benchmark for OpenLDAP

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu <hyc@symas.com> 
wrote:

>  >> 2.15 Require Protection For Simple Bind
>  >> Although this directive is
>  >> redundant the to the simple_bind security factor, it is still
> recommended
>  >> as it is vital to protect the authentication process. Of course the
> SSF
>  >> setting allows greater control of the ciphers used. Discussion: The
>  >> 'disallow bind_simple_unprotected' directive requires at least some
> level
>  >> of encryption before simple password bind operations are allowed.
> disallow
>  >> bind_simple_unprotected
>  >
>  > There is no such directive in OpenLDAP. Where did this recommendation
> come from?

There used to be, though.  The current equivalent is:

security simple_bind=0

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration