This used to work...
$ sudo ldapmodify -Y EXTERNAL -f 30logging.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Confidentiality required (13)
additional info: stronger confidentiality required
The log says
slapd[1266]: conn=6619437 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
This is my olcSecurity setting:
olcSecurity: ssf=128 simple_bind=128
How would I fix this? It seems to be a catch-22.
--On Tuesday, July 24, 2018 11:38 AM -0700 Mark Foster mdf@extrahop.com wrote:
This is my olcSecurity setting:
olcSecurity: ssf=128 simple_bind=128
How would I fix this? It seems to be a catch-22.
Correctly configure olcLocalSSF
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On Tue, Jul 24, 2018 at 10:38:10AM -0700, Mark Foster wrote:
The log says
slapd[1266]: conn=6619437 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
This is my olcSecurity setting:
olcSecurity: ssf=128 simple_bind=128
How would I fix this? It seems to be a catch-22.
The olcLocalSSF setting controls the SSF assigned to ldapi:// connections. Your log above shows that your connection got an SSF of 71, which is the default value for olcLocalSSF; meanwhile you've configured olcSecurity to require a minimum of 128. So you need to increase olcLocalSSF to at least 128, or reduce olcSecurity.
openldap-technical@openldap.org
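
The comparison described in the last reply, as an added example that is not part of the original thread: it reads the ssf value from a slapd BIND log line and reports which olcSecurity minimums the connection misses. It models only the two factors set in this thread (ssf and simple_bind); the function names and the local_ssf parameter are hypothetical, and the sample inputs are built from the values quoted above.

```python
import re

# Sample inputs constructed from the values quoted in the thread.
OLC_SECURITY = "ssf=128 simple_bind=128"
BIND_LOG = ('slapd[1266]: conn=6619437 op=0 BIND '
            'dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" '
            'mech=EXTERNAL sasl_ssf=0 ssf=71')

# Matches both SASL binds (which log sasl_ssf) and simple binds (which do not).
BIND_RE = re.compile(
    r'conn=(?P<conn>\d+) op=\d+ BIND dn="(?P<dn>[^"]*)" '
    r'mech=(?P<mech>\S+)(?: sasl_ssf=(?P<sasl_ssf>\d+))? ssf=(?P<ssf>\d+)')


def parse_security(value):
    """Turn an olcSecurity value into {factor: minimum SSF}."""
    required = {}
    for token in value.split():
        name, _, number = token.partition("=")
        if number:
            required[name.lower()] = int(number)
    return required


def check_bind(log_line, security, local_ssf=None):
    """Return the olcSecurity factors that the logged connection fails to meet.

    local_ssf (hypothetical parameter) models a different olcLocalSSF value
    for an ldapi:// connection; it replaces the transport SSF seen in the log.
    """
    match = BIND_RE.search(log_line)
    if match is None:
        raise ValueError("not a BIND result line")
    sasl_ssf = int(match["sasl_ssf"] or 0)
    ssf = int(match["ssf"]) if local_ssf is None else max(local_ssf, sasl_ssf)
    required = parse_security(security)
    failed = []
    if ssf < required.get("ssf", 0):
        failed.append("ssf")            # overall minimum for every operation
    if match["mech"] == "SIMPLE" and ssf < required.get("simple_bind", 0):
        failed.append("simple_bind")    # applies to simple binds only
    return failed


if __name__ == "__main__":
    print("as logged (ssf=71):   ", check_bind(BIND_LOG, OLC_SECURITY))
    print("with olcLocalSSF=128: ", check_bind(BIND_LOG, OLC_SECURITY, local_ssf=128))
```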