--On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu <[EMAIL PROTECTED]>
wrote:
>> 2.15 Require Protection For Simple Bind
>> Although this directive is
>> redundant the to the simple_bind security factor, it is still
recommended
>> as it is vital to protect the authentication process. Of course the
SSF
>> setting allows greater control of the ciphers used. Discussion: The
>> 'disallow bind_simple_unprotected' directive requires at least some
level
>> of encryption before simple password bind operations are allowed.
disallow
>> bind_simple_unprotected
>
> There is no such directive in OpenLDAP. Where did this recommendation
come from?
There used to be, though. The current equivalent is:
security simple_bind=0
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
