Re: ldapi and StartTLS
- To: openldap-technical@openldap.org
- Subject: Re: ldapi and StartTLS
- From: Richard Gray <richard.gray@smxemail.com>
- Date: Mon, 16 Jul 2018 16:09:22 +1200
- Cc: gray@nxg.name
- Content-language: en-GB-large
- In-reply-to: <582721E8-C6A3-4A79-9F5F-37F00A49ADF8@nxg.name>
- References: <582721E8-C6A3-4A79-9F5F-37F00A49ADF8@nxg.name>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
On 2018-07-12 06:52, Norman Gray wrote:
> What am I misunderstanding?
>
> In the slapd.ldif I have:
>
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/openldap/slapd.args
> olcPidFile: /var/run/openldap/slapd.pid
> olcSecurity: ssf=128
> olcTLSCertificateFile: /usr/local/etc/openldap/certs/XXX.crt
> olcTLSCertificateKeyFile: /usr/local/etc/openldap/certs/XXX.key
> olcTLSCACertificateFile: /usr/local/etc/openldap/certs/FOO
> olcLogLevel: 0
Have a look at 'olcLocalSSF' in slapd-config(5), which lets you set the
security strength factor for local (i.e. ldapi://) sessions. It defaults
to 71, which is likely why you're seeing that error message. Personally,
I bump it up to 256, to match the ssf=256 I have set in the olcSecurity
attribute on cn=config.
--
Richard Gray
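An added example, written for this archive page and not taken from either poster: an ldapmodify LDIF that applies the suggestion above, raising olcLocalSSF so that ldapi:// sessions meet the global olcSecurity requirement (both set to 256, matching the reply). It assumes cn=config is writable over the connection used; because the ldapi:// session itself currently sits below the required SSF, apply it over a StartTLS connection (ldapmodify -ZZ -H ldap://host -f localssf.ldif) or add olcLocalSSF to slapd.ldif before slapd starts.

```ldif
# Constructed example: assign ldapi:// sessions an SSF at least as high as
# the global olcSecurity minimum. The ldapi:// socket is protected by
# filesystem permissions rather than TLS, which is what olcLocalSSF asserts.
dn: cn=config
changetype: modify
replace: olcLocalSSF
olcLocalSSF: 256
-
replace: olcSecurity
olcSecurity: ssf=256
```

After the change, a local bind such as ldapwhoami -Y EXTERNAL -H ldapi:/// should succeed while remote clients are still required to negotiate TLS of at least the stated strength.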