man: Improve LDAP security wording
All communication, including the identity provided, must be
encrypted to prevent attacks.

Resolves: #6681

(cherry picked from commit 3172b7a)
justin-stephenson committed Oct 5, 2023
1 parent 7143c5a commit b0dae36
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions src/man/sssd-ldap.5.xml
Expand Up @@ -39,9 +39,10 @@
to authenticate against an LDAP server either TLS/SSL or LDAPS
is required. <command>sssd</command> <emphasis>does
not</emphasis> support authentication over an unencrypted channel.
If the LDAP server is used only as an identity provider, an encrypted
channel is not needed. Please refer to <quote>ldap_access_filter</quote>
config option for more information about using LDAP as an access provider.
Even if the LDAP server is used only as an identity provider, an encrypted
channel is strongly recommended. Please refer to
<quote>ldap_access_filter</quote> config option for more information
about using LDAP as an access provider.
</para>
</refsect1>

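Review bot: The new sentence "an encrypted channel is strongly recommended" is weaker than the commit message, which says all communication "must be encrypted to prevent attacks", and it gives the reader no reason. Either align the two, or add a clause naming the risk, for example that identity lookups sent over an unencrypted channel can be read or modified in transit. Since the paragraph is being touched anyway, "Please refer to <quote>ldap_access_filter</quote> config option" is also missing its article ("the ... config option"), and that pointer to the access provider option now reads as unrelated to the encryption advice just before it; a paragraph break or a pointer to the TLS option changed in the second hunk would connect the recommendation to the setting that enforces it.
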
Expand Down Expand Up @@ -925,7 +926,7 @@
<listitem>
<para>
true - TLS must be used or the connection
will fail.
will fail. Recommended for security reasons.
</para>
</listitem>
<listitem>
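Review bot: "Recommended for security reasons." on the "true" value does not say what the reasons are, so an administrator comparing the listed values learns nothing beyond the label. Suggest stating the consequence directly, in line with the description section changed above, for example "Recommended, because otherwise identity data may be sent over an unencrypted connection." It would also help to say in this item whether the recommended value is the default, since the visible text does not show it.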