I am looking for help with setup of security with my openldap config.
I currently have RHEL 6 with ldap:// and ldaps:// working for both auth binds and anon binds.
What I want to do is allow anon binds on ldap:// and require authentication over an encrypted stream on ldaps://
My current access is set to:
access to attrs=userPassword by anonymous auth by self read by * none
access to * by * read
I do not have a security statement in my slapd.conf.
I have tried a few things such as changing the userpassword access to:
access to userPassword
by anonymous auth sasl_ssf=128 break by anonymous auth tls=128 by self read
but the syntax is not correct and the config will not load with the above.
Any help would be great.
Chris Jackson
Christopher Louis Jackson wrote:
> I am looking for help with setup of security with my openldap config.
> I currently have RHEL 6 with ldap:// and ldaps:// working for both auth binds and anon binds.
> What I want to do is allow anon binds on ldap:// and require authentication over an encrypted stream on ldaps://
> My current access is set to:
> access to attrs=userPassword by anonymous auth by self read by * none
> access to * by * read
> I do not have a security statement in my slapd.conf.
> I have tried a few things such as changing the userpassword access to:
> access to userPassword
> by anonymous auth sasl_ssf=128 break by anonymous auth tls=128 by self read
> but the syntax is not correct and the config will not load with the above.
> Any help would be great.
As the slapd.access(5) manpage clearly states, the syntax is
    access to <what> [ by <who> [ <access> ] [ <control> ] ]+
"sasl_ssf=128" is a <who> specifier but you have it after the <access> specifier.
We don't just write things randomly. Read and follow what's actually written in front of you.
openldap-technical@openldap.org
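An added example, not from the thread or the OpenLDAP project: a small Python check of the `<who>`, `<access>`, `<control>` ordering quoted from slapd.access(5), run over the ACL from the original post and over a constructed reordering of it. The reordered ACL is an assumption for illustration: it keeps the poster's value of 128 and uses `tls_ssf`, the slapd.access(5) keyword for TLS strength, in place of `tls`.

```python
import re

# Grammar quoted in the reply (slapd.access(5)):
#   access to <what> [ by <who> [ <access> ] [ <control> ] ]+
LEVEL = r"(none|disclose|auth|compare|search|read|write|add|delete|manage)"
ACCESS = re.compile(r"^((real)?self)?(" + LEVEL + r"|[=+-][0dxcsrwazm]+)$")
CONTROL = {"stop", "continue", "break"}


def lint_acl(acl):
    """Return (clause_no, token, problem) for each out-of-order token."""
    problems = []
    # Element 0 of the split is "access to <what>"; the rest are by-clauses.
    # Simplification: a quoted DN containing " by " would be split wrongly.
    clauses = re.split(r"\s+by\s+", " ".join(acl.split()))[1:]
    for n, clause in enumerate(clauses, start=1):
        stage = 0  # 0 = in <who>, 1 = <access> seen, 2 = <control> seen
        for tok in clause.split():
            kind = 2 if tok in CONTROL else 1 if ACCESS.match(tok) else 0
            if kind == 0 and stage > 0:
                problems.append((n, tok, "<who> term after <access>/<control>"))
            elif kind > 0 and kind <= stage:
                problems.append((n, tok, "repeated or misplaced keyword"))
            stage = max(stage, kind)
    return problems


# The ACL from the original post, which slapd refused to load.
POSTED = """access to userPassword
    by anonymous auth sasl_ssf=128 break by anonymous auth tls=128 by self read"""

# Constructed reordering (assumption, not from the thread): the strength
# requirement moves into <who>, and tls_ssf replaces the unknown "tls".
REORDERED = """access to attrs=userPassword
    by anonymous tls_ssf=128 auth
    by self read
    by * none"""

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, lint_acl(acl) or "ordering OK")
```

The check covers clause ordering only; `slaptest` remains the authoritative parser for slapd.conf. An ssf requirement in an ACL makes slapd refuse the bind, but a client that attempts a simple bind on ldap:// has already sent its password in clear text by then.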