{"description": "To determine if LDAP is being used for authentication, use the following\ncommand:\n<pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre>\n<br /><br />\nIf <tt>USELDAPAUTH=yes</tt>, then LDAP is being used. If not, set <tt>USELDAPAUTH</tt>\nto <tt>yes</tt>.", "rationale": "Without cryptographic integrity protections, information can be\naltered by unauthorized users without detection. The ssl directive specifies\nwhether to use TLS or not. If not specified it will default to no.\nIt should be set to start_tls rather than doing LDAP over SSL.", "severity": "medium", "references": {"cis-csc": ["11", "12", "14", "15", "3", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.05", "DSS06.06"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.2.1", "A.6.2.2", "A.9.1.2"], "nist": ["AC-17(a)", "CM-6(a)"], "nist-csf": ["PR.AC-3", "PR.IP-1", "PR.PT-3", "PR.PT-4"], "srg": ["SRG-OS-000250-GPOS-00093"], "ism": ["0418", "1055", "1402"]}, "control_references": {"ism": ["0418", "1055", "1402"]}, "components": [], "identifiers": {}, "ocil_clause": "USELDAPAUTH=yes is not configured correctly in /etc/sysconfig/authconfig", "ocil": "To determine if LDAP is being used for authentication, use the following\ncommand:\n<pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre>\nThe output should return:\n<pre>USELDAPAUTH=yes</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable the LDAP Client For Use in Authconfig", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml", "template": null}