[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls

To: Aaron Richton <richton@nbcs.rutgers.edu>
Subject: Re: tls
From: Christian Bösch <boesch@fhv.at>
Date: Wed, 10 Nov 2010 08:30:37 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <alpine.SOC.2.00.1011091022400.18772@toolbox.rutgers.edu>
References: <CA698B77-AABF-4B47-A9BB-B61AF623B33D@fhv.at> <alpine.SOC.2.00.1011091022400.18772@toolbox.rutgers.edu>

On Nov 9, 2010, at 16:25 , Aaron Richton wrote:

> On Tue, 9 Nov 2010, Christian Bösch wrote:
> 
>> Can someone tell me if it's possible to require strong encryption like TLS
>> except from one IP address?
> 
> access to <what>
>   by peername.ip=1.2.3.4%255.255.255.255 {ssf,transport_ssf,tls_ssf,sasl_ssf}=NNN read
>   by peername.ip=1.2.3.4%255.255.255.255 none
>   by [...]
> 
> see slapd.access(5).

maybe you got me wrong. all connections have to be encrypted except one ip. this ip
should be allowed to connect with plain simple_bind.
acls with ssf=NNN do only allow connections with exactly the same level of encryption=NNN
ssf>1 or something like that is not possible?

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- tls
  - From: Christian Bösch <boesch@fhv.at>
- Re: tls
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Re: tls
Next by Date: Re: tls
Index(es):
- Chronological
- Thread