mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#4795 drop "disallow bind_simple_unprotected"...

Browse Source
This commit is contained in:
Howard Chu 2006-12-30 08:04:42 +00:00
parent 6222b79bc8
commit 6f571451ef
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/guide/admin/security.sdf
View File

@ -148,10 +148,11 @@ it be used only in tightly controlled systems or when the LDAP
session is protected by other means (e.g., TLS, {{TERM:IPsec}}). session is protected by other means (e.g., TLS, {{TERM:IPsec}}).
Where the administrator relies on TLS to protect the password, it Where the administrator relies on TLS to protect the password, it
is recommended that unprotected authentication be disabled. This is recommended that unprotected authentication be disabled. This
is done by setting "{{EX:disallow bind_simple_unprotected}}" in is done using the {{EX:security}} directive's {{EX:simple_bind}}
{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}} option, which provides fine grain control over the level of confidential
option provides fine grain control over the level of confidential
protection to require for {{simple}} user/password authentication. protection to require for {{simple}} user/password authentication.
E.g., using {{EX:security simple_bind=56}} would require {{simple}}
binds to use encryption of DES equivalent or better.
The user/password authenticated bind mechanism can be completely The user/password authenticated bind mechanism can be completely
disabled by setting "{{EX:disallow bind_simple}}". disabled by setting "{{EX:disallow bind_simple}}".