directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill MacAllister <>
Subject Re: GSSAPI Binds to Directory Studio
Date Sun, 19 Dec 2010 18:40:04 GMT

--On Sunday, December 19, 2010 09:17:09 AM +0100 Stefan Seelmann <>

>> But, it seems that the searches are not using GSSAPI to secure the
>> traffice to the server because when I look at the ldap logs I see that
>> the ssf is zero.  In our case this means that no data can be returned.
>> (And, yes, I am a bit fuzzy on the exact details since ldapsearch just
>> does the right thing for me without my having to think about it.)  Any
>> ideas on how to deal with this?
> In the connection's 'Authentication' tab there is a section 'SASL
> Settings' where you can define the QoP. By default it is set to
> 'Authentication only', you should set it to 'Authentication with
> integrity and privacy protection' to enable message privacy. The other
> parameter 'Protection Strength' should be set to high (I think this
> sets ssf to 128).
> Kind Regards,
> Stefan

Perfect again.  Works like a charm now.  This was also one of those
"of course, you idiot" moments for me.




Bill MacAllister
Infrastructure Delivery Group, Stanford University

View raw message