[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control by encryption level?



Use ssf=n were n is the effective cipher key length to require.

e.g:
        access to userPassword
                by self ssf=128
                ...

At 04:08 PM 1/10/01 -0800, Jeff Costlow wrote:
>Can I restrict access to an attribute by whether I have an SSL secured connection or not?
>
>something like:
>
>access to userPassword
>        by self write if SSL
>        by anonymous auth
>        by dn="cn=administrator,dc=myorg,dc=com" if SSL
>        by * none
>        
>
>The idea is to restrict access to that attribute unless the user is using an SSL connection (it doesn't matter to me whether it is a StartTLS, or if the user contacted LDAPS:
>
>I thought I saw something like this on the mailing list, but couldn't find it again.
>
>Muchas Gracias.