[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question on ACL, SSL/TLS

To: Oscar Bonilla <obonilla@galileo.edu>
Subject: Re: Question on ACL, SSL/TLS
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 28 Jul 2001 22:11:19 -0700
Cc: Allan Streib <astreib@indiana.edu>, OpenLDAP List <openldap-software@OpenLDAP.org>
In-reply-to: <20010726103003.A29094@galileo.edu>
References: <200107260410.f6Q4AZY10643@mask.uits.indiana.edu> <200107260410.f6Q4AZY10643@mask.uits.indiana.edu>

At 09:30 AM 7/26/2001, Oscar Bonilla wrote:
>Don't fully trust me on this but:
>
>access to *
>        by sockurl="^ldaps:///$" write


I suggest use of "by ssf=64 read" ... ssf applies to
not only LDAP over SSL, but Start TLS [RFC 2830] and
SASL [RFC 2829].


>should do the trick...
>
>regards,
>
>-Oscar
>
>
>On Wed, Jul 25, 2001 at 11:11:47PM -0500, Allan Streib wrote:
>> Is it possible to define an ACL such that an attribute is accessable only 
>> if the connection is secure (i.e. SSL).  I have a directory that contains 
>> many non-sensitive attributes but a couple that should only be accessible 
>> if the connection is encrypted.  I'd rather not force everything over SSL 
>> since that puts an undue burden on many clients that won't access the 
>> sensitive attributes.
>> 
>> Thanks,
>> 
>> Allan
>
>-- 
>pgp public key: finger obonilla@galileo.edu
>pgp fingerprint: 9735 2F52 D499 17E2 D03B  5960 241D 09EA 349F 923E

References:
- Question on ACL, SSL/TLS
  - From: Allan Streib <astreib@indiana.edu>
- Re: Question on ACL, SSL/TLS
  - From: Oscar Bonilla <obonilla@galileo.edu>

Prev by Date: Re: slurpd and ssl
Next by Date: re:tcp_wrappers & openldap .11
Index(es):
- Chronological
- Thread