Is it possible to have one ACL that only allows bind for auth with SSL or TLS, but simple queries are allowed in plain?
Jeronimo Zucco writes:
> Is it possible to have one ACL that only allows bind for auth with SSL or
> TLS, but simple queries are allowed in plain?
Yes, "access to attrs=userPassword by ... ssf=(for example)128 auth" in slapd.conf. However, it gives a poor error message when a user does try to Bind with his password in cleartext.
Use "security simple_bind=(for example)128" instead. And sasl-secprops if you use SASL Bind. You may also want to increase "localssf" to the security factor you use, so ldapi:// connections can Bind without TLS.
openldap-software@openldap.org
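The settings named in the reply, put together as a slapd.conf fragment. This is an added example, not configuration from the original post: the value 128, the certificate paths and the who-clauses in the ACLs are assumptions to adapt.

```conf
# --- global section of slapd.conf ---

# TLS has to be set up before StartTLS or ldaps:// can provide any
# security strength factor (SSF). Placeholder paths.
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/server-cert.pem
TLSCertificateKeyFile  /path/to/server-key.pem

# Require SSF >= 128 for simple (DN + password) binds only.
# Anonymous searches over a plain ldap:// connection are not affected.
security simple_bind=128

# For SASL binds: keep the default properties (noanonymous,noplain)
# and add a minimum SSF.
sasl-secprops noanonymous,noplain,minssf=128

# SSF assigned to ldapi:// (Unix socket) connections. The default is 71,
# which would fail the simple_bind=128 requirement above, so raise it
# to let local clients bind without TLS.
localssf 128

# --- ACLs ---

# With "security simple_bind" doing the enforcement, the password ACL
# does not need its own ssf= test.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# ACL-only alternative from the reply (instead of "security simple_bind"):
# the password is usable for authentication only when the connection
# has SSF >= 128.
#access to attrs=userPassword
#    by self ssf=128 write
#    by anonymous ssf=128 auth
#    by * none

# Everything else stays readable on plain connections.
access to *
    by * read
```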