Am Tue, 28 Dec 2010 09:41:33 +0000 schrieb Brian Candler <[email protected]>:
> Supplementary question: I tried to set minssf so as to require > encryption, like this: > > # ldapmodify -Y EXTERNAL -H ldapi:/// <<EOS > dn: cn=config > replace: olcSaslRealm > olcSaslRealm: WS.NSRC.ORG > - > replace: olcSaslSecProps > olcSaslSecProps: noanonymous,noplain,minssf=112 > EOS > > Unfortunately I now seem to have locked myself out from using the > EXTERNAL mechanism: > > # ldapsearch -s base -b "cn=config" -Y EXTERNAL -H ldapi:/// > SASL/EXTERNAL authentication started > ldap_sasl_interactive_bind_s: Inappropriate authentication (48) > additional info: SASL(-15): mechanism too weak for this user: > mech EXTERNAL is too weak The default ssf of ldapi is 71, but you may change localSSF in slapd.conf(5). [...] -Dieter -- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
