Quanah Gibson-Mount wrote:
> --On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu hyc@symas.com wrote:
>>> disallow bind_simple_unprotected
>> There is no such directive in OpenLDAP. Where did this recommendation come from?
> There used to be, though.

Hm, a grep through my source tree shows it was added in 2.1.5 and removed around 2.1.7, October 2002. It was only in the code for a month or two. For a document written in August 2007 purportedly about OpenLDAP 2.3, there's really no basis for this recommendation; it's the equivalent of folklore and old wives' tales. Not exactly a sound foundation for a security policy.