On 07/26/2018 01:38 PM, Hallvard Breien Furuseth wrote:
I wrote:
(...) any particular value will be wrong for someone.
Depends on how safe your filesystem setup is and whether it's easier
to break in to get at the ldapi socket than it is to just attack slapd.
You could forge ldapi: credentials
On 07/26/2018 01:34 PM, Hallvard Breien Furuseth wrote:
On 26. juli 2018 09:04, Dieter Klünter wrote:
Am Thu, 26 Jul 2018 08:19:34 +0200
schrieb Michael Ströder :
I really wonder why it was set to 71.
As Kurt mentioned on 1st. LDAPCon in Cologne, it is higher value than 56
and less than 128.
I wrote:
(...) any particular value will be wrong for someone.
Depends on how safe your filesystem setup is and whether it's easier
to break in to get at the ldapi socket than it is to just attack slapd.
I forgot:
You could forge ldapi: credentials in early OpenLDAP versions,
depending on whet
On 26. juli 2018 09:04, Dieter Klünter wrote:
Am Thu, 26 Jul 2018 08:19:34 +0200
schrieb Michael Ströder :
On 07/26/2018 04:47 AM, Ryan Tandy wrote:
I propose increasing the default olcLocalSSF to 128. Mentioned
initially on IRC, now bringing it to the list for completeness and
archival.
In t
On 07/26/2018 09:04 AM, Dieter Klünter wrote:
Am Thu, 26 Jul 2018 08:19:34 +0200
schrieb Michael Ströder :
But why not choosing an even higher value like 256?
I really wonder why it was set to 71.
As Kurt mentioned on 1st. LDAPCon in Cologne, it is higher value than 56
and less than 128.
But
Am Thu, 26 Jul 2018 08:19:34 +0200
schrieb Michael Ströder :
> On 07/26/2018 04:47 AM, Ryan Tandy wrote:
> > I propose increasing the default olcLocalSSF to 128. Mentioned
> > initially on IRC, now bringing it to the list for completeness and
> > archival.
> >
> > In typical setups people want to
