If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.

If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-215214	AIX7-00-001104	SV-215214r508663_rule		Medium

Description
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.

STIG	Date
IBM AIX 7.x Security Technical Implementation Guide	2022-06-06

Details

Check Text ( C-16412r294093_chk )
Run the following command to check if ldap_auth is used: # grep -iE "^authtype:[[:blank:]]ldap_auth" /etc/security/ldap/ldap.cfg If the command has no output, this is Not Applicable. Run the following command to check if SSL is used: # grep -iE "^useSSL:[[:blank:]]yes" /etc/security/ldap/ldap.cfg useSSL:yes If the command has no output, this is a finding.

Fix Text (F-16410r294094_fix)
Configure the LDAP client on AIX to use the SSL. Edit /etc/security/ldap/ldap.cfg to have the following line: useSSL:yes Restart the client daemon: # secldapclntd.