[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: different SSF settings for ldapi:// than for ldap:

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Q: different SSF settings for ldapi:// than for ldap:
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 29 Mar 2015 12:12:11 +0200
In-reply-to: <55150F5F020000A1000199DC@gwsmtp1.uni-regensburg.de>
References: <55150F5F020000A1000199DC@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1

Ulrich Windl wrote:

I've configured slapd to require excryption (confidentiality).


You did not post relevant configuration details.

Now
connections via ldapi:// fail with "13 Confidentiality required". When
adding "-ZZ" for ldapsearch (e.g.), the connection fails, because the
certificate does not match ldapi:// (I asked about that before, but got no
answer). How can I configure slapd not to require confidentiality?


Obviously using TLS over ldapi:// does not make sense.

I have this in my config:

# SSF value for ldapi://
localSSF 256
# minimum required SSF value (security strength factor)
security ssf=128

See slapd.conf(5) for details.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Q: different SSF settings for ldapi:// than for ldap:
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Re: Fwd: 2.4.40 memory leak?
Next by Date: Re: Questionable log entries
Index(es):
- Chronological
- Thread