[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SSF and binds
At 01:17 PM 9/14/2004, Richard L. Goerwitz III wrote:
>Dieter Kluenter wrote:
>
>>>Is there any way in OpenLDAP 2.2.x to say the following:
>>>
>>> 1) binds must occur over sessions with an SSF of at least 63
>>>
>>> 2) UNLESS the peer is 127.0.0.1 (in which case a lower SSF is
>>> acceptable)
>>Yes that is posible, in principle. But I would use ldapi instead of
>>localhost. The socket has a build-in ssf of 71.
>
>Is it possible to *assign* connections from/to a specific peer an SSF?
Not presently.
But you can subject access based upon the sockname or the
peername. For instance, you can require either ssf=63 or
a particular peername for auth access to userPassword.
You can do same from read and/or write access as well.