Kurt D. Zeilenga wrote:
Is there any way in OpenLDAP 2.2.x to say the following:
1) binds must occur over sessions with an SSF of at least 63
2) UNLESS the peer is 127.0.0.1 (in which case a lower SSF is acceptable)
Yes that is posible, in principle. But I would use ldapi instead of localhost. The socket has a build-in ssf of 71.
Is it possible to *assign* connections from/to a specific peer an SSF?
Not presently.
Consider it a low-priority feature request, then. It would be great if systems people (who presumably can be trusted to know what they're doing if they want to assign an SSF to a connection to a particular peer) could assign connections an SSF.
E.g., I occasionally construct dedicated VPNs or other links that our network administrator considers reasonably secure (enough to assign the transport an SSF > 0).
--
Richard L. Goerwitz III Email: Richard.Goerwitz@Carleton.edu Phone: +1 507 646 5526 Fax: +1 507 646 4537 PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF 82D3 0B7D EA19 F425 B0E0