On Thu, 2008-06-12 at 16:49 -0700, Quanah Gibson-Mount wrote:
>
> --On June 12, 2008 5:01:28 PM -0500 Pat Riehecky <[EMAIL PROTECTED]> wrote:
>
> > From the doc ( http://www.openldap.org/doc/admin24/security.html )
> > -----------------
> > security controls disallow operations when appropriate protections are
> > not in place. For example:
> >
> > security ssf=1 update_ssf=112
>
> > In an ideal world I would like security update_ssf=128 simple_bind=112
> > to be working (force 3DES or better for a bind, for AES or better for an
> > update), but I will settle for what must I do to make the documented
> > example work for me?
>
> Build your own OpenLDAP linked against OpenSSL, and use a strong key for
> generating the cert used by OpenLDAP.
>
> I also suggest searching the OpenLDAP-devel archives as to why using GnuTLS
> is considered harmful.

After a rebuild with OpenSSL everything works exactly as expected. Thanks for the info; I would not have expected that fix, but there it was!

Pat
