[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSF and binds

To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Subject: Re: SSF and binds
From: "Richard L. Goerwitz III" <richard@goerwitz.com>
Date: Tue, 14 Sep 2004 11:04:56 -0500
In-reply-to: <A33CBACB51C9F9740FF3A350@cadabra-dsl.stanford.edu>
References: <C1DC40E292E2E74E9FA67C31139E52B33A7DDC@ukmail007.betrusted.com> <4146F077.7000402@mango.com> <4146FA4C.2060808@Goerwitz.COM> <A33CBACB51C9F9740FF3A350@cadabra-dsl.stanford.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803

Quanah Gibson-Mount wrote:

Have you tried making two clauses to the ACL?

access to <whatever>
    by <DN> ssf=63 read
    by peer=127.0.0.1 ssf=10 read
    by * break


Well, yes.  But this would only control access to a particular object
or set of objects.  I'm talking about a bind operation.  Is it possible
to specify different required SSF values depending on, e.g., the peer?

Alternatively, is it possible to adjust a particular server instance
so that it sees a connection from 127.0.0.1 as inherently strong (with
a high SSF)?  I.e., is there a directive for this?

There are a lot of different ways I could phrase this, and a lot of
different scenarios I could cite.  But I'm sure y'all get the idea.

--

Richard L. Goerwitz III		   Email: Richard.Goerwitz@Carleton.edu
Phone: +1 507 646 5526				   Fax: +1 507 646 4537
PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF  82D3 0B7D EA19 F425 B0E0

References:
- RE: Extended attrs search
  - From: Dhiren Pankhania <dpankhania@beTRUSTed.com>
- Re: Extended attrs search
  - From: Saxa Egea <saxa.egea@mango.com>
- SSF and binds
  - From: "Richard L. Goerwitz III" <richard@Goerwitz.com>
- Re: SSF and binds
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: IMHO incorrect info in the documentation (slightly off-topic)
Next by Date: Re: IMHO incorrect info in the documentation
Index(es):
- Chronological
- Thread