Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Situation
In iManager, choose the LDAP Server object.
Choose the Connections tab.
Change the Bind Restrictions for Cipher to: Use High Cipher (greater than 128-bit)
The value of the attribute ldapbindrestrictions should be set to 48, but it is getting set to 0 by the plugin.
ndstrace with LDAP tracing set to include everything but packet dumping and the +LDAP tag on.
From a command line, run nldap -u; nldap -l
With ldapbindrestrictions set to 0, the ndstrace screen will show:
TLS EXPORT ciphers or higher required for TLS connections
With ldapbindrestrictions set to 48, the ndstrace screen will show:
TLS HIGH ciphers or higher required for TLS connections
Choose the Connections tab.
Change the Bind Restrictions for Cipher to: Use High Cipher (greater than 128-bit)
The value of the attribute ldapbindrestrictions should be set to 48, but it is getting set to 0 by the plugin.
ndstrace with LDAP tracing set to include everything but packet dumping and the +LDAP tag on.
From a command line, run nldap -u; nldap -l
With ldapbindrestrictions set to 0, the ndstrace screen will show:
TLS EXPORT ciphers or higher required for TLS connections
With ldapbindrestrictions set to 48, the ndstrace screen will show:
TLS HIGH ciphers or higher required for TLS connections
Resolution
This issue has been reported to development.
Workaround:
Use ConsoleOne or iManager without the LDAP plugins to go to the"Other" tab and change the value for the ldapbindrestictions attribute on the LDAP Server to 48
Workaround:
Use ConsoleOne or iManager without the LDAP plugins to go to the"Other" tab and change the value for the ldapbindrestictions attribute on the LDAP Server to 48