On 08.04.2016 09:11, Dieter Klünter wrote: > Am Thu, 7 Apr 2016 16:16:47 -0400 > schrieb Frank Crow <fjcrow2...@gmail.com>: > >> I have locked down my server to disallow anonymous binds and set the >> SSF=128. I also have SaslSecProps: noplain,noanonymous,minssf=128 >> >> Which all seems to work fine for my usage with one exception. If I >> try to use any of the command line tools with "-Y EXTERNAL -H >> ldapi:///", I now get: >> >> additional info: SASL(-15): mechanism too weak for this user: mech >> EXTERNAL is too weak >> >> Is there some configuration item that I can change to allow that work >> while maintaining my existing policy of no anonymous binds for >> everything else, etc? > > The default ssf for ldapi is 71, but you may configure a security > strength factor to your liking. See manual page slapd.conf(5) localSSF. >
another way is to make a ACL with different restrictions for ssf. See the man page slapd.access and the official documentation section 8.4.9 best regards Michael > -Dieter > -- Michael Wandel Braakstraße 43 33647 Bielefeld
