
port level security for auth and anon



I am looking for help with setting up security in my OpenLDAP config.
 
I currently have RHEL 6 with ldap:// and ldaps:// working for both auth binds and anon binds. 
 
What I want to do is allow anon binds on ldap:// and require authentication over an encrypted stream on ldaps://.
 
My current access is set to:
 
access to attrs=userPassword  
    by anonymous auth
    by self read
    by * none
 
access to *
    by * read
 
I do not have a security statement in my slapd.conf. 
 
I have tried a few things such as changing the userpassword access to:
 
access to userPassword
> by anonymous auth sasl_ssf=128 break
> by anonymous auth tls=128
> by self read
 
but the syntax is not correct and the config will not load with the above.
 
Any help would be great.
 
 
 
Chris Jackson
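
Added example, not part of the original post: one way to write the userPassword rule so that password (simple) binds are honoured only on connections with a TLS strength of at least 128, while anonymous binds and reads keep working on ldap://. It assumes that this is the intended policy, uses the `tls_ssf` field of the `<who>` clause described in slapd.access(5), and takes the 128 threshold from the attempt above.

```conf
# Added example (not from the original post), slapd.conf ACL syntax.
# Assumed policy: a password bind is honoured only when the connection
# has TLS strength >= 128 (ldaps://, or ldap:// after StartTLS).

# Each clause has the form: by <who> <access> [<control>].
# Security strength factors (ssf=, tls_ssf=, sasl_ssf=, transport_ssf=)
# belong to <who>, so they are written before the access level.
# The attribute selector is written as attrs=<attribute list>.
access to attrs=userPassword
    by tls_ssf=128 anonymous auth
    by tls_ssf=128 self read
    by * none

# Everything else stays readable, including by anonymous binds on ldap://.
access to *
    by * read
```

With this rule a password bind on an unencrypted connection fails, but the client has already sent the password in clear text by then, so clients still have to be pointed at ldaps:// or StartTLS. Because `tls_ssf` describes the TLS layer and not the listener, a StartTLS session on the ldap:// port also satisfies it.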