On Nov 9, 2010, at 16:25, Aaron Richton wrote:
On Tue, 9 Nov 2010, Christian Bösch wrote:
Can someone tell me if it's possible to require strong encryption like TLS except from one IP address?
access to <what>
    by peername.ip=1.2.3.4%255.255.255.255 {ssf,transport_ssf,tls_ssf,sasl_ssf}=NNN read
    by peername.ip=1.2.3.4%255.255.255.255 none
    by [...]
See slapd.access(5).
Maybe you got me wrong. All connections have to be encrypted except one IP. This IP should be allowed to connect with plain simple_bind. ACLs with ssf=NNN only allow connections with exactly the same level of encryption=NNN. Is ssf>1 or something like that not possible?
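
An added example, not part of the thread and not from either poster: a slapd.conf fragment for the requirement discussed above (every client must meet a minimum strength, one address may bind in clear text). The address 192.0.2.10 and the value 128 are constructed placeholders. Per slapd.access(5), the ssf=<n> family sets the minimum required strength, and the first matching "by" clause ends evaluation.

```conf
# Constructed example. Assumptions: 192.0.2.10 is the single exempt client,
# 128 is the minimum Security Strength Factor wanted for everyone else.
#
# slapd.access(5): ssf=<n>, transport_ssf=<n>, tls_ssf=<n> and sasl_ssf=<n>
# set the MINIMUM strength needed for the clause to match, so ssf=128 also
# matches a connection negotiated at 256.
#
# "by" clauses are tried in order and evaluation stops at the first match,
# so the exempt address is listed before the strength requirement.
#
# Do not also set a global "security ssf=..." or "security simple_bind=..."
# minimum: that directive applies to every connection, including the
# exempt host, and has no per-address exception.

# Who may authenticate (simple bind compares against userPassword).
access to attrs=userPassword
    by peername.ip=192.0.2.10 auth
    by ssf=128 auth
    by * none

# Everything else: same ordering, authenticated identities only.
access to *
    by peername.ip=192.0.2.10 users read
    by ssf=128 users read
    by * none
```

These rules refuse the bind on a weak connection, but the client has already sent its password by then, so clients other than the exempt host still need to be configured to start TLS before binding.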