Am Mon, 9 May 2016 11:00:38 +0200 schrieb Dora Paula deepee@gmx.net:
I searched for security in slapd.access(5) [1] and just found:
"The statements ssf=<n>, transport_ssf=<n>, tls_ssf=<n>, and sasl_ssf=<n> set the minimum required Security Strength Factor (ssf) needed to grant access."
In regard to "security" slapd.conf(5) [2] states:
"security <factors> ... The directive may be specified globally and/or per-database."
Thus I don't see how this applies to my goal.
The following statement/example is taken from the current admin guide [3]:
access to dn="cn=example,cn=edu" by * ssf=256 read
Thus I tested, just for fun: access to dn="ou=usersa,dc=example,dc=com" by * sasl_ssf=1 auth
Without success - which seems clear to me, because there is no sasl-layer known during an initial bind. So, if I'm wrong, could you please be so kind and go into more detail here?
Thank you very much.
[...]
Any password transport should be protected by some means of transport security, that is, either sasl DIGEST-MD5 or TLS.
security=1
access to dn.sub=ou=userA,dc=example,dc=com by * sasl_ssf=128 read
access to dn.sub=ou=userB,dc=example,dc=com by * ssf=56 read
or alternatively
by transport_ssf=56 read
-Dieter