Gunnar Frenzel Gunnar_Frenzel@web.de writes:
Dieter Kluenter schrieb:
"Dieter Kluenter" dieter@dkluenter.de writes:
[...]
[...]
security ssf=128
[...] The hard coded ssf for ldapi is 71, so you have to reduce security ssf.
When I change security ssf=128 to a lower value then this affects not only ldapi but ldaps as well, right? I want to leave ldaps to require TLS but reduce security for ldapi only, so I could not achieve this by reducing security ssf?
Actually, ldaps is tls, you can not connect to port 636 without proper TLS configuration on server on client side. In fact TLSCipherSuite MEDIUM defines 128 bit ciphers. man slapd.conf(5) offers a variety of ssf options, just an example:
security ssf=1 sasl=56 tls=128
thus the default ssf for ldapi is applied
the default ssf for ldapi can be modified by adding localSSF <ssf> to slapd.conf(5).
As I wrote I tried adding: localSSF 0 to slapd.conf but this didn't not change the behaviour at all. :(
localSSF 128 would overwrite the default value.
-Dieter