Re: Force ldaps for named bind
At 05:02 AM 2002-06-14, Roland Muecke wrote:
>Is it possible to configure slapd so that named binds can only be done using encrypted connections?
Here's the text I just added to the Admin Guide:
It is often desirable to restrict operations based upon the level
of protection in place. The following shows how security strength
factors (SSF) can be used.
    access to *
        by ssf=128 self write
        by ssf=64 anonymous auth
        by ssf=64 users read
This directive allows users to modify their own entries if security
protections of strength 128 or better have been established, and
allows simple authentication and read access when 64 or better
security protections have been established.
(See slapd.conf(5) for a discussion of security strength factors.)
>Anonymous binds should of course be possible without encryption.
The above disallows anonymous read... but can easily be tweaked
to allow such.
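
A small Python model of how the directive quoted above is evaluated, added here as an illustration; it is not part of the original message or of slapd's code. It assumes slapd's documented behaviour that `by` clauses are tried in order, the first one whose SSF floor and `<who>` both match decides, and an unmatched request gets `none`; the function names and sample connections are hypothetical.

```python
# Simplified model of slapd "by" clause evaluation (added illustration).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # low -> high

ACL = """\
access to *
    by ssf=128 self write
    by ssf=64 anonymous auth
    by ssf=64 users read
"""

def parse_by_clauses(acl_text):
    """Return [(min_ssf, who, level), ...] for each 'by' line of one directive."""
    clauses = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "by":
            continue
        min_ssf, who, level = 0, "*", "none"
        for tok in tokens[1:]:
            if tok.startswith("ssf="):
                min_ssf = int(tok[4:])
            elif tok in LEVELS:
                level = tok
            else:
                who = tok
        clauses.append((min_ssf, who, level))
    return clauses

def who_matches(who, bound, is_self):
    """bound: the connection has authenticated; is_self: target is its own entry."""
    return {"*": True, "anonymous": not bound, "users": bound,
            "self": bound and is_self}[who]

def granted(clauses, ssf, bound, is_self=False):
    """First clause whose ssf floor and <who> both match decides the access level."""
    for min_ssf, who, level in clauses:
        if ssf >= min_ssf and who_matches(who, bound, is_self):
            return level
    return "none"  # implicit trailing "by * none"

def allows(level, needed):
    """Each access level implies all lower ones."""
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    clauses = parse_by_clauses(ACL)
    # Constructed connections: (ssf, bound, is_self)
    for conn in [(0, False, False), (64, False, False), (64, True, True),
                 (128, True, True), (128, True, False)]:
        print(conn, "->", granted(clauses, *conn))
```

An anonymous connection with SSF 0 ends at `none`, so it never reaches the `auth` level a simple bind needs; a bound user at SSF 64 skips the `self write` clause and lands on `users read`.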