[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bind only with SSL or TLS

To: Jeronimo Zucco <jczucco@ucs.br>
Subject: Re: bind only with SSL or TLS
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 25 Aug 2008 15:13:57 +0200
Cc: openldap-software@openldap.org
In-reply-to: <48B29A7C.4070507@ucs.br>
References: <48B29A7C.4070507@ucs.br>

Jeronimo Zucco writes:
>     Is it possible one ACL that just allow bind for auth with SSL or
> TLS, but simple queries are allowed in plain ?

Yes, access to attrs=userPassword by ... ssf=(for example)128 auth" in
slapd.conf.  However, it gives a poor error message when a user does try
to Bind with his password in cleartext.

Use "security simple_bind=(for example)128" instead.  And sasl-secprops
if you use SASL Bind.  You may also want to increase "localssf" to the
security factor you use, so ldapi:// connections can Bind without TLS.

-- 
Hallvard

References:
- bind only with SSL or TLS
  - From: Jeronimo Zucco <jczucco@ucs.br>

Prev by Date: bind only with SSL or TLS
Next by Date: Re: /etc/ldap/slapd.conf: line 158: invalid path: Permission denied
Index(es):
- Chronological
- Thread