If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215214 | SRG-OS-000250-GPOS-00093 | AIX7-00-001104 | SV-215214r991554_rule | 2026-02-06 | 3 |
Description
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
ℹ️ Check
Run the following command to check if ldap_auth is used:
# grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg
If the command has no output, this is Not Applicable.
Run the following command to check if SSL is used:
# grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg
useSSL:yes
If the command has no output, this is a finding.
✔️ Fix
Configure the LDAP client on AIX to use SSL.
Edit /etc/security/ldap/ldap.cfg to have the following line:
useSSL:yes
Restart the client daemon:
# secldapclntd