Note, Additional ldapsearch options – Red Hat 8.1 User Manual

Table 6.9. Description of GSSAPI SASL Mechanism Options

Required or
Optional

Option

Description

Example

Required

mech=GSSAPI

Gives the SASL
mechanism.

NOTE

Have the
Kerberos ticket
before issuing
a GSS-API
request.

-o “mech=GSSAPI”

Optional

secprop=value

The secprop
attribute sets the
security properties for
the connection. The
secprop value can
be any of the
following:

None
noplain — Do not
permit
mechanisms
susceptible to
simple passive
attack.
noanonymous —
Do not permit
mechanisms that
allow anonymous
access.
minssf — Require
a minimum
security strength;
this option needs
a numeric value
specifying bits of
encryption. A
value of - 1
means integrity is
provided without
privacy.
maxssf —
Require a
maximum security
strength; this
option needs a
numeric value
specifying bits of
encryption. A
value of - 1
means integrity is
provided without
privacy. The
maximum value is
56.

-o
“secprop=noplain,noanonymous,
maxssf=56,minssf=56”

Additional ldapsearch Options

Red Hat Directory Server 8.1 Configuration and Command Reference

185