[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Access auth granularity?
Am Mon, 9 May 2016 09:00:22 +0200
schrieb Dora Paula <deepee@gmx.net>:
> Dear List,
>
> I've two subtrees that contain user-accounts:
> ou=usersA,dc=example,dc=com and ou=usersB,dc=example,dc=com.
>
> Goal: Users below ou=userA,... should only be allowed to bind using
> sasl_bind, but not with simple_bind. Whereas users below
> ou=usersB,... should be allowed to bind using both (or any kind of
> bind).
>
> I searched the documentation but without success. All I found was
> disallow simplebind and sasl_ssf, but both seem to make no sense in
> this case: While the first disallows simple_binds globally, the
> combination of sasl_ssf and access auth is or at least seems
> contradicting to me.
>
> Question: Is it possible to achieve this goal using current openldap
> release?
Yes, this is possible, man slapd.acess(5), read on security,
security strength factors and transport layer security.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E