From: Howard Chu Date: Sat, 30 Dec 2006 08:04:42 +0000 (+0000) Subject: ITS#4795 drop "disallow bind_simple_unprotected"... X-Git-Tag: OPENLDAP_REL_ENG_2_4_4ALPHA~8^2~293 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6f571451ef5236d6894f98c290629df706a431f2;p=openldap ITS#4795 drop "disallow bind_simple_unprotected"... --- diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index 3ba16e6386..1324ee1354 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf @@ -148,10 +148,11 @@ it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, {{TERM:IPsec}}). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled. This -is done by setting "{{EX:disallow bind_simple_unprotected}}" in -{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}} -option provides fine grain control over the level of confidential +is done using the {{EX:security}} directive's {{EX:simple_bind}} +option, which provides fine grain control over the level of confidential protection to require for {{simple}} user/password authentication. +E.g., using {{EX:security simple_bind=56}} would require {{simple}} +binds to use encryption of DES equivalent or better. The user/password authenticated bind mechanism can be completely disabled by setting "{{EX:disallow bind_simple}}".