[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access auth granularity?



Dear List,

I've two subtrees that contain user-accounts:
ou=usersA,dc=example,dc=com and ou=usersB,dc=example,dc=com.

Goal: Users below ou=userA,... should only be allowed to bind using sasl_bind, but not with simple_bind. Whereas users below ou=usersB,... should be allowed to bind using both (or any kind of bind).

I searched the documentation but without success. All I found was disallow simplebind and sasl_ssf, but both seem to make no sense in this case: While the first disallows simple_binds globally, the combination of sasl_ssf and access auth is or at least seems contradicting to me.

Question: Is it possible to achieve this goal using current openldap release?

Thank you very much

Dora