If LDAP is used, the AIX LDAP client must use SSL to authenticate with the LDAP server.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-215204 | SRG-OS-000074-GPOS-00042 | AIX7-00-001045 | SV-215204r987796_rule | 2026-02-06 | 3 |
Description
When the LDAP client's authentication type is ldap_auth (server-side authentication), the client sends the user's password to the LDAP server in clear text so the server can verify it. SSL must be used in this case to protect the password in transit.
ℹ️ Check
Run the following command to check if "authtype" is "ldap_auth":
# grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg
The above command should yield the following output:
authtype:ldap_auth
Run the following command to check whether SSL is enabled in the "/etc/security/ldap/ldap.cfg" file:
# grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg
The above command should yield the following output:
useSSL:yes
If the first command displays "authtype:ldap_auth" but the second command does not display "useSSL:yes", this is a finding.
✔️ Fix
Edit the "/etc/security/ldap/ldap.cfg" file to have the following line:
useSSL:yes
Configure the LDAP server and LDAP client to use SSL according to the AIX LDAP documentation.
Restart the client daemon:
# restart-secldapclntd
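The check and fix above, as an added shell example (not part of the STIG text): it applies the same grep patterns to an arbitrary ldap.cfg path rather than the live /etc/security/ldap/ldap.cfg, reports whether the rule applies and whether it is a finding, and rewrites the useSSL line. The function names, file paths and sample configurations are constructed for illustration; setting up the client key database per the AIX LDAP documentation and restarting secldapclntd are still separate steps.

```shell
#!/bin/sh
# Added example, not from the STIG: evaluate and remediate rule AIX7-00-001045
# against any ldap.cfg file. Function names and sample files are constructed here.

# Usage: ldap_ssl_check FILE
# Exit 0 = not a finding (useSSL:yes present, or authtype is not ldap_auth so the
# rule does not apply); exit 1 = finding (ldap_auth without useSSL:yes).
ldap_ssl_check() {
    cfg=$1
    # Same patterns as the STIG check: anchored at line start, case-insensitive,
    # optional blanks after the colon. A missing authtype line is not ldap_auth.
    if ! grep -iqE '^authtype:[[:blank:]]*ldap_auth' "$cfg"; then
        return 0
    fi
    if grep -iqE '^useSSL:[[:blank:]]*yes' "$cfg"; then
        return 0
    fi
    return 1
}

# Usage: ldap_ssl_fix FILE
# Keep a backup as FILE.bak, drop any active useSSL line and append "useSSL:yes".
# This only edits the file; the SSL key database still has to be configured
# per the AIX LDAP documentation before restart-secldapclntd is run.
ldap_ssl_fix() {
    cfg=$1
    cp "$cfg" "$cfg.bak" || return 1
    {
        grep -ivE '^[[:blank:]]*useSSL:' "$cfg.bak"
        echo 'useSSL:yes'
    } > "$cfg"
}

# --- demonstration on constructed files (not the live client config) ---
demo_dir=${TMPDIR:-/tmp}/ldapcfg_demo.$$
mkdir -p "$demo_dir"

# Constructed sample 1: server-side auth without SSL, the case the rule targets.
printf 'ldapservers:ldap.example.com\nauthtype:ldap_auth\nuseSSL:no\n' \
    > "$demo_dir/finding.cfg"
# Constructed sample 2: client-side auth (unix_auth); the rule does not apply.
printf 'ldapservers:ldap.example.com\nauthtype:unix_auth\nuseSSL:no\n' \
    > "$demo_dir/unix.cfg"

for f in "$demo_dir/finding.cfg" "$demo_dir/unix.cfg"; do
    if ldap_ssl_check "$f"; then
        echo "$f: not a finding"
    else
        echo "$f: FINDING"
    fi
done

ldap_ssl_fix "$demo_dir/finding.cfg"
ldap_ssl_check "$demo_dir/finding.cfg" && echo "after fix: not a finding"
rm -rf "$demo_dir"
```

Because the check mirrors the STIG's anchored patterns, a useSSL line with leading whitespace or a value other than "yes" is still reported as a finding; after running the fix, rerun the check, then complete the key database setup and restart the daemon with restart-secldapclntd as the Fix section describes.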