[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcSecurity: tls=1 and olcLocalSSF= : what value should I use?

To: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>, OpenLDAP Technical <openldap-technical@openldap.org>
Subject: Re: olcSecurity: tls=1 and olcLocalSSF= : what value should I use?
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Thu, 06 Sep 2018 11:36:33 -0700
Content-disposition: inline
In-reply-to: <20180906164005.GB8166@bic.mni.mcgill.ca>
References: <20180906164005.GB8166@bic.mni.mcgill.ca>

--On Thursday, September 06, 2018 1:40 PM -0400 Jean-Francois Malouin<Jean-Francois.Malouin@bic.mni.mcgill.ca> wrote:

I guess I need to modify either 'olcSecurity: tls=1' in the database
config or add/insert the proper value for 'olcLocalSSF=' in the
cn=config. What value should I use in order to still force StartTLS over
simple binding and allow read/write/modify local access on the ldapi:///
listener.


Hello,

Just set:

olcSecurity: ssf=1

that will allow either to work as *some* SSF level is then required.

As long as you have tls=X, then it will always require TLS, regardless ofwhat the LocalSSF setting is configured to be.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: olcSecurity: tls=1 and olcLocalSSF= : what value should I use?
  - From: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>

References:
- olcSecurity: tls=1 and olcLocalSSF= : what value should I use?
  - From: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>

Prev by Date: olcSecurity: tls=1 and olcLocalSSF= : what value should I use?
Next by Date: Re: Replication issue? Data is different between master and consumer with same entryCSNs
Index(es):
- Chronological
- Thread