directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill MacAllister <...@stanford.edu>
Subject Re: GSSAPI Binds to Directory Studio
Date Sun, 19 Dec 2010 18:40:04 GMT


--On Sunday, December 19, 2010 09:17:09 AM +0100 Stefan Seelmann <seelmann@apache.org>
wrote:

>> But, it seems that the searches are not using GSSAPI to secure the
>> traffice to the server because when I look at the ldap logs I see that
>> the ssf is zero.  In our case this means that no data can be returned.
>> (And, yes, I am a bit fuzzy on the exact details since ldapsearch just
>> does the right thing for me without my having to think about it.)  Any
>> ideas on how to deal with this?
>
> In the connection's 'Authentication' tab there is a section 'SASL
> Settings' where you can define the QoP. By default it is set to
> 'Authentication only', you should set it to 'Authentication with
> integrity and privacy protection' to enable message privacy. The other
> parameter 'Protection Strength' should be set to high (I think this
> sets ssf to 128).
>
> Kind Regards,
> Stefan

Perfect again.  Works like a charm now.  This was also one of those
"of course, you idiot" moments for me.

Thanks,

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University


Mime
View raw message