[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapi and StartTLS

To: "Richard Gray" <richard.gray@smxemail.com>, "Michael Ströder" <michael@stroeder.com>
Subject: Re: ldapi and StartTLS
From: "Norman Gray" <gray@nxg.name>
Date: Tue, 07 Aug 2018 13:21:59 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <496739ee-3589-8c86-98d3-01fdeb7d5b52@smxemail.com>
References: <582721E8-C6A3-4A79-9F5F-37F00A49ADF8@nxg.name> <496739ee-3589-8c86-98d3-01fdeb7d5b52@smxemail.com>


Michael and Richard, hello.

On 16 Jul 2018, at 5:09, Richard Gray wrote:

Have a look at 'olcLocalSSF' in slapd-config(5), which lets you setthe security strength factor for local (i.e. ldapi://) sessions. Itdefaults to 71, which is likely why you're seeing that error message.Personally, I bump it up to 256, to match the ssf=256 I have set inthe olcSecurity attribute on cn=config.

Many thanks for this advice -- it works perfectly. I've set olcLocalSSFto 256.


Hmm: 71 is an oddly-chosen default.  Is there a story there, I wonder?

(Apologies, also, for taking so long to respond: this project hadswapped right out of my head, and it was only a couple of days ago thatit was able to page back in).


Best wishes,

Norman


--
Norman Gray  :  https://nxg.me.uk

Prev by Date: Re: Search memberOf
Next by Date: daemon: bind(11) failed errno=2 (No such file or directory)
Index(es):
- Chronological
- Thread