\DISALLOW bind_anon_cred in slapd.conf file causes RC=256 during CA LDAP startup.

book

Article ID: 130924

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Setting "DISALLOW bind_anon_cred" receives the following error:

./DST/slapd.conf: line 168: unknown feature bind_anon_cred

and a RC=0256 stops the CA LDAP initialization. 

"DISALLOW bind_anon_cred" is documented in the manuals.

Environment

Release:
Component: TSSLDP

Resolution

Documentation will be updated in the future with:

The values allowed for "allow" are as follows: bind_v2 bind_anon_cred
bind_anon_dn
update_anon
proxy_authz_anon

The reason for this is because by default these are now all disallowed and are no longer verbs permitted on the disallow config option.

The values now permitted on the disallow config option are:

bind_anon
bind_simple
tls_2_anon
tls_authc
proxy_authz_non_critical dontusecopy_non_critical