Can't use Bind DLZ through LDAPS SSL
Dario García Díaz-Miguel
dgdiaz at gmv.com
Fri Feb 12 06:39:46 UTC 2021
I really don't know if this is the correct place to ask about Bind DLZ, but I'm afraid that I could not get any responses from the BIND DLZ mailing list and, since this seems to be an "official" plugin and it's compiled in the bind9 package from the SuSE15 SP2 repository, I will try to ask it over here.
I've deployed an OpenLDAP using the security options recommended by my cybersecurity team:
- olcSecurity: ssf=256
- olcLocalSSF: 256
- olcRequires: authc
- olcDisallow: bind_anon
- olcTLSVerifyClient: try
So essentially right now it is required to use certificates and LDAPS in order to bind to the OpenLDAP server. Otherwise a Confidential error will appear since the TLS SSL handshake is not possible. Well, this is the expected behavior.
All the software of the environment works flawlessly using the SSL certificates through LDAPS SSL except Bind DLZ. I could not find a way to configure it to use SSL.
The Bind DLZ used is the one compiled with the BIND 9.16.6 (Stable Release) from the SUSE 15 SP2 repository.
Could anybody help me?
Thank you so much.