[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL questions: ssf and dn in single <who> clause?

To: OpenLDAP List <openldap-software@OpenLDAP.org>
Subject: ACL questions: ssf and dn in single <who> clause?
From: Allan Streib <astreib@indiana.edu>
Date: Fri, 2 Nov 2001 16:54:07 -0500

I have a several ACL questions. If I get this figured out, I will contribute it to the FAQ as I am having real trouble finding a single clear description of how the more advanced ACL concepts work.

I need to define an ACL that restricts access an attribute to connections that are secure. I posted this question a while ago, and Kurt replied:

I suggest use of "by ssf=64 read" ... ssf applies to
not only LDAP over SSL, but Start TLS [RFC 2830] and
SASL [RFC 2829].

I finally got around to trying this, and it does work. I have two questions, however: is there further documentation on ssf? I don't see mention of it in my admin guide. What does the value 64 mean? Are there other values that can be specified?

Also, I need this SSL/TLS restriction to be combined with specific DN restrictions, i.e. something like:

access to attr=foo
	by ssf=64 and dn="something" read

Is this possible?

Finally, is there a good explanation of what the stop | continue | break
controls do?

Many thanks,

Allan

Follow-Ups:
- Re: ACL questions: ssf and dn in single <who> clause?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: OpenLDAP Java SDK
Next by Date: Problems with greaterOrEqual/lessOrEqual
Index(es):
- Chronological
- Thread