Re: Antw: Re: ssf Security Question

2017-11-22 Thread Michael Wandel
On 21.11.2017 22:39, Quanah Gibson-Mount wrote: > --On Monday, November 20, 2017 8:43 AM +0100 Ulrich Windl > wrote: > >> Hi! >> >> BTW: Does anyone know the backgraound of SUSE Linux Enterprise Server >> (SLES) moving from OpenLDAP to Redhat's directory server

Re: Antw: Re: ssf Security Question

2017-11-21 Thread William Brown
On Tue, 2017-11-21 at 13:39 -0800, Quanah Gibson-Mount wrote: > --On Monday, November 20, 2017 8:43 AM +0100 Ulrich Windl  > wrote: > > > Hi! > > > > BTW: Does anyone know the backgraound of SUSE Linux Enterprise > > Server > > (SLES) moving from OpenLDAP to

Re: Antw: Re: ssf Security Question

2017-11-21 Thread Quanah Gibson-Mount
--On Monday, November 20, 2017 8:43 AM +0100 Ulrich Windl wrote: Hi! BTW: Does anyone know the backgraound of SUSE Linux Enterprise Server (SLES) moving from OpenLDAP to Redhat's directory server in ist next release? Do you have a relevant link? --Quanah

Antw: Re: ssf Security Question

2017-11-21 Thread Ulrich Windl
>>> William Brown schrieb am 17.11.2017 um 06:31 in >>> Nachricht <1510896691.4395.140.ca...@redhat.com>: > On Thu, 2017-11-16 at 21:25 -0800, Quanah Gibson-Mount wrote: >> --On Friday, November 17, 2017 12:53 PM +1000 William Brown >> wrote: >> >> Hi

Re: ssf Security Question

2017-11-20 Thread William Brown
On Mon, 2017-11-20 at 11:22 +, Howard Chu wrote: > William Brown wrote: > > On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote: > > > William Brown wrote: > > > > Just want to point out there are some security risks with ssf > > > > settings. > > > > I have documented these here: > > > >

Re: ssf Security Question

2017-11-20 Thread Howard Chu
William Brown wrote: On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote: William Brown wrote: Just want to point out there are some security risks with ssf settings. I have documented these here: https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.ht ml Nice writeup. I

Re: ssf Security Question

2017-11-19 Thread William Brown
On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote: > William Brown wrote: > > Just want to point out there are some security risks with ssf > > settings. > > I have documented these here: > > > > https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.ht > > ml > > Nice writeup.

Re: ssf Security Question

2017-11-17 Thread Michael Ströder
William Brown wrote: > Just want to point out there are some security risks with ssf settings. > I have documented these here: > > https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.html Nice writeup. I always considered SSF values to be naive and somewhat overrated. People expect

Re: ssf Security Question

2017-11-16 Thread William Brown
On Thu, 2017-11-16 at 21:25 -0800, Quanah Gibson-Mount wrote: > --On Friday, November 17, 2017 12:53 PM +1000 William Brown  > wrote: > > Hi William, > > > Hey mate, > > > > Just want to point out there are some security risks with ssf > > settings. > > I have documented

Re: ssf Security Question

2017-11-16 Thread Quanah Gibson-Mount
--On Friday, November 17, 2017 12:53 PM +1000 William Brown wrote: Hi William, Hey mate, Just want to point out there are some security risks with ssf settings. I have documented these here: https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.html This is

Re: ssf Security Question

2017-11-16 Thread William Brown
On Tue, 2017-11-14 at 20:56 +, Kaya Saman wrote: > Hi, > > > I am a little confused with this. Basically I have a client > connecting  > to the database, a DECT IP phone base station which doesn't support  > STARTLS and my slapd config has settings for clients to use > certificates  > to

Re: ssf Security Question

2017-11-15 Thread Kaya Saman
On 11/15/2017 04:18 PM, Quanah Gibson-Mount wrote: access to dn.children="ou=AddressBook,dc=domain,dc=com"     by * read access to attrs=userPassword     by ssf=128 anonymous auth     by ssf=128 self write access to * by ssf=128 self write     by ssf=128 users read Many Thanks. I

Re: ssf Security Question

2017-11-15 Thread Quanah Gibson-Mount
--On Tuesday, November 14, 2017 8:56 PM + Kaya Saman wrote: access to *     by ssf=128 self write     by ssf=128 anonymous auth     by ssf=128 users read # Added ACL for open access to AddressBook in Read and Search only mode access to

ssf Security Question

2017-11-15 Thread Kaya Saman
Hi, I am a little confused with this. Basically I have a client connecting to the database, a DECT IP phone base station which doesn't support STARTLS and my slapd config has settings for clients to use certificates to connect. What would be the best way to set this up so that the DECT IP