
(ITS#5277) Feature request: Impose SSL/TLS for some addresses/interfaces



Full_Name: Michele Codutti
Version: 2.3
OS: Linux/Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (158.110.7.132)


Recently I needed to implement a clustered OpenLDAP system using the syncrepl
replication method. Every node has two interfaces: one public (let's say eth0)
and one connected to a private subnet (let's say eth1). What I want is to allow
only SSL/TLS connections on eth0 and unencrypted connections on eth1. I want this
because it is useless to encrypt syncrepl traffic over the private (dedicated
and secured) subnet. I haven't found any directive that does what I want. In the
end I implemented a solution suggested by Pierangelo Masarati. I imposed TLS/SSL
with these ACLs:

# first access directive: gate on listener URL and session ssf, grant nothing itself
access to *
     by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldap://$PUBLIC_NAME" stop
     by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldaps://$PUBLIC_NAME" stop
     by * break

Pierangelo also suggested that I file an ITS to ask for a specific directive
that does this more naturally. So here I am. Could it be done?