mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#4795 drop "disallow bind_simple_unprotected"...

Browse Source
This commit is contained in:
Howard Chu 2006-12-30 08:04:42 +00:00
parent 6222b79bc8
commit 6f571451ef
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/guide/admin/security.sdf
View File

@ -148,10 +148,11 @@ it be used only in tightly controlled systems or when the LDAP
session is protected by other means (e.g., TLS, {{TERM:IPsec}}).
Where the administrator relies on TLS to protect the password, it
is recommended that unprotected authentication be disabled. This
is done by setting "{{EX:disallow bind_simple_unprotected}}" in
{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}}
option provides fine grain control over the level of confidential
is done using the {{EX:security}} directive's {{EX:simple_bind}}
option, which provides fine grain control over the level of confidential
protection to require for {{simple}} user/password authentication.
E.g., using {{EX:security simple_bind=56}} would require {{simple}}
binds to use encryption of DES equivalent or better.
The user/password authenticated bind mechanism can be completely
disabled by setting "{{EX:disallow bind_simple}}".