Re: ldapi and StartTLS
On 2018-07-12 06:52, Norman Gray wrote:
What am I misunderstanding?
In the slapd.ldif I have:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcSecurity: ssf=128
olcTLSCertificateFile: /usr/local/etc/openldap/certs/XXX.crt
olcTLSCertificateKeyFile: /usr/local/etc/openldap/certs/XXX.key
olcTLSCACertificateFile: /usr/local/etc/openldap/certs/FOO
olcLogLevel: 0
Have a look at 'olcLocalSSF' in slapd-config(5), which lets you set the
security strength factor for local (i.e. ldapi://) sessions. It defaults
to 71, which is likely why you're seeing that error message. Personally,
I bump it up to 256, to match the ssf=256 I have set in the olcSecurity
attribute on cn=config.
--
Richard Gray
_____________________________________________________________________________
This email has been filtered by SMX. For more info visit http://smxemail.com
_____________________________________________________________________________