Re-read what the slap.conf(5) man page says.
That's unhelpful. It's of course, already been read.
man slapd.conf ... minssf=<factor> property specifies the minimum acceptable security strength factor ... maxssf=<factor> property specifies the maximum acceptable security strength factor ...
Reads to me like "SASL SSF" is set by min/maxssf. It certainly affects it. Unfortuntely, in a manner that's confusing.
If have some helpful clarification, please state it.
Thanks.
--On Tuesday, September 09, 2008 6:14 AM -0700 PGNet pgnet.trash@gmail.com wrote:
Re-read what the slap.conf(5) man page says.
That's unhelpful. It's of course, already been read.
man slapd.conf ... minssf=<factor> property specifies the minimum acceptable security strength factor ... maxssf=<factor> property specifies the maximum acceptable security strength factor ...
Reads to me like "SASL SSF" is set by min/maxssf. It certainly affects it. Unfortuntely, in a manner that's confusing.
If have some helpful clarification, please state it.
No where does it say there that it sets the minimum SSF of connections. It says it specifies the minimum or maximum acceptable SSF. I.e., if you set the minimum SSF to 128, and an incoming connection only uses 56, then XYZ won't be usable.
I've generally used this type of restriction more with ACLs, such as:
by dn.base="cn=xyz,dc=example,dc=com" sasl_ssf=56 read
because some things (java, for example) default the SSF to 0.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
-
PGNet -
Quanah Gibson-Mount