ssf question
Hi,
I have a correctly configured OpenLDAP server using TLS and
simple authentication. I have to set ssf's for a few
users, but it does not work for me. My config looks like this:

access to dn="^cn=replicator,...$"
        by "cn=manager,..." ssf=128 transport_ssf=128 tls_ssf=128 write
        by "cn=replicator,..." read
        by * none

access to attribute=userPassword
        by dn="cn=manager,..." ssf=128 transport_ssf=128 tls_ssf=128 write
        by dn="cn=replicator,..." write
        by anonymous auth
        by self ssf=128 transport_ssf=128 tls_ssf=128 write
        by * none

access to *
        by dn="cn=manager,..." ssf=128 transport_ssf=128 tls_ssf=128 write
        by dn="cn=replicator,..." write
        by * read

With this config I can bind without tls using the manager's dn and
modify the database. Could somebody tell me how to configure it
correctly? I need "cn=manager,..." to enforce tls, and other
users to enforce tls on password modifications, but "cn=replicator,..."
is not able to use tls/ssl, so it is allowed to write the database
without encryption. (It binds only from localhost.)
What's wrong in my config? The slapd.conf(5) and slapd.access(5) man pages
are too terse for me; I do not really understand the corresponding
parts.
--
bSanyI