I'm asking your help beacause i'm stuck since 2 days about that.
After i have setting up TLS and SSL on my OpenLDAP server, it works fine but i can not execute command anymore to edit the configuration.
When i try to change the configuration with a command like this : ldapmodify -Q -Y EXTERNAL -H ldapi:///
It return me an error like :
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Confidentiality required (13)
additional info: TLS confidentiality required
And when i specify ssl connection by adding -Z
or -ZZ
on the command this return me this error :
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Authentication method not supported (7)
additional info: SASL(-4): no mechanism available:
Does anyone have any idea about how to resolve that ?
The default SSF value for LDAPI access is 71 which is below the default value of required minssf in attribute olcSaslSecProps.
So instead of lowering the required SSF value you should set attribute olcLocalSSF to a higher value.
To have the ldapi connection working, the olcLocalSSF have to be equal or higher than olcSecurity
Example :
In this example,
128
is the minimum number of bits required for the cryptographic key. All connections with key below that value will be deniedNormally values of the key lenght would be 40, 56, 64, 128, 164 and 256