directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: GSSAPI Binds to Directory Studio
Date Sun, 19 Dec 2010 08:17:09 GMT
> But, it seems that the searches are not using GSSAPI to secure the
> traffice to the server because when I look at the ldap logs I see that
> the ssf is zero.  In our case this means that no data can be returned.
> (And, yes, I am a bit fuzzy on the exact details since ldapsearch just
> does the right thing for me without my having to think about it.)  Any
> ideas on how to deal with this?

In the connection's 'Authentication' tab there is a section 'SASL
Settings' where you can define the QoP. By default it is set to
'Authentication only', you should set it to 'Authentication with
integrity and privacy protection' to enable message privacy. The other
parameter 'Protection Strength' should be set to high (I think this
sets ssf to 128).

Kind Regards,
Stefan

Mime
View raw message