On Nov 9, 2010, at 16:25 , Aaron Richton wrote: > On Tue, 9 Nov 2010, Christian Bösch wrote: > >> Can someone tell me if it's possible to require strong encryption like TLS >> except from one IP address? > > access to <what> > by peername.ip=1.2.3.4%255.255.255.255 {ssf,transport_ssf,tls_ssf,sasl_ssf}=NNN read > by peername.ip=1.2.3.4%255.255.255.255 none > by [...] > > see slapd.access(5). maybe you got me wrong. all connections have to be encrypted except one ip. this ip should be allowed to connect with plain simple_bind. acls with ssf=NNN do only allow connections with exactly the same level of encryption=NNN ssf>1 or something like that is not possible?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature