Quanah Gibson-Mount wrote:
> --On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu <hyc@symas.com> wrote:
>>> disallow
>>> bind_simple_unprotected
>> There is no such directive in OpenLDAP. Where did this recommendation
>> come from?
> There used to be, though.

Hm, a grep through my source tree shows it was added in 2.1.5 and removed around
2.1.7, October 2002. It was only in the code for a month or two. For a document
written in August 2007 purportedly about OpenLDAP 2.3, there's really no basis for
this recommendation; it's the equivalent of folklore and old wives' tales. Not
exactly a sound foundation for a security policy.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/