[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ssf, access control, and back-shell
I spoke too soon about back-shell ignoring ACLs. It does
not ignore them, at least for searching.
But I am still trying to find a way to restrict binding to secure
connection. If I were using a normal ldbm backend, where there
actually existed a userpassword field, I would apply an ACL that
specifies a ssf of 128. But in the case of using back-shell to
handle binding, I am not sure.
Is it even possible to write an ACL to do this? That is, would back-shell
pay any attention to ACLs in the case of binding?
If not, I suppose I could always modify the bind.c file under
servers/slapd/back-shell, but I would prefer not to...
-steve
On Thu, Oct 03, 2002 at 07:54:00PM -0400, Steven Hodges wrote:
> Hello...
>
> I see that back-shell ignores almost all access control directives.
>
> But what I would like to do is restrict my back-shell bind script
> such that all bind operations have to take place with ssf of 128...
> Normally I would do this with ssf=128 in the ACL, but I am not sure
> how to do it in this case. I could just manually check it in my
> back-shell bind script, but I don't think it's even aware of the
> ssf...
>
> Any ideas would be appreciated.
>
> -steve hodges
> Georgia Tech