LDAPS allows the use of weak ciphers - iManager LDAP plugin

  • 3141559
  • 26-Mar-2008
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms

Situation

In iManager, choose the LDAP Server object.
Choose the Connections tab.
Change the Bind Restrictions for Cipher to: Use High Cipher (greater than 128-bit)

The value of the attribute ldapbindrestrictions should be set to 48, but it is getting set to 0 by the plugin.

To confirm which setting is in effect, run ndstrace with LDAP tracing set to include everything but packet dumping, and with the +LDAP tag on.
Then, from a command line, run nldap -u; nldap -l

With ldapbindrestrictions set to 0, the ndstrace screen will show:

TLS EXPORT ciphers or higher required for TLS connections

With ldapbindrestrictions set to 48, the ndstrace screen will show:

TLS HIGH ciphers or higher required for TLS connections

Resolution

This issue has been reported to development.

Workaround:
Use ConsoleOne, or iManager without the LDAP plugins, to go to the "Other" tab and change the value of the ldapbindrestrictions attribute on the LDAP Server object to 48.
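
The following check is an added example, not Novell code. It compares the stored ldapbindrestrictions value with the cipher floor that the ndstrace line reports, so a value silently written as 0 by the plugin, or a server not yet reloaded after the workaround, shows up as a finding. It assumes the LDAP Server object has been exported as LDIF text and the trace captured as text. The DN, the trace line prefix and the function names are hypothetical, and only the two values documented in this article (0 and 48) are interpreted.

```python
import re

# Values from this article: 0 gives an EXPORT floor, 48 gives a HIGH floor.
KNOWN = {0: "EXPORT", 48: "HIGH"}
TRACE_RE = re.compile(r"TLS (\w+) ciphers or higher required for TLS connections")

# Constructed sample input: an LDIF export of the LDAP Server object and
# ndstrace lines captured after "nldap -u; nldap -l". DN and prefix are made up.
SAMPLE_LDIF = "dn: cn=LDAP Server - host1,o=example\nldapBindRestrictions: 0\n"
SAMPLE_TRACE = "LDAP: TLS EXPORT ciphers or higher required for TLS connections\n"

def stored_floor(ldif_text):
    """Return (raw value, floor name) for ldapBindRestrictions in an LDIF entry."""
    for line in ldif_text.splitlines():
        name, sep, raw = line.partition(":")
        if sep and name.strip().lower() == "ldapbindrestrictions":
            raw = raw.strip()
            try:
                return raw, KNOWN.get(int(raw), "UNKNOWN")
            except ValueError:  # base64 ("::") or malformed value
                return raw, "UNKNOWN"
    return None, "UNSET"

def running_floor(trace_text):
    """Return the floor named by the most recent trace line, or None."""
    found = TRACE_RE.findall(trace_text)
    return found[-1] if found else None

def audit(ldif_text, trace_text):
    """List mismatches between the intended HIGH floor and what is stored/enforced."""
    findings = []
    raw, stored = stored_floor(ldif_text)
    if stored != "HIGH":
        findings.append(f"stored ldapBindRestrictions={raw} ({stored}), expected 48")
    running = running_floor(trace_text)
    if running is None:
        findings.append("no cipher-floor line in trace; reload nldap with +LDAP on")
    elif running != "HIGH":
        findings.append(f"running server enforces {running} floor, expected HIGH")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF, SAMPLE_TRACE):
        print("FINDING:", finding)
```

An empty list from audit() means both the stored attribute and the running server report the HIGH floor.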

Status

Reported to Engineering