[Date Prev][Date Next] [Chronological] [Thread] [Top]

force TLS and rootdn

To: openldap-software@openldap.org
Subject: force TLS and rootdn
From: Thierry Lacoste <lacoste@miage.univ-paris12.fr>
Date: Wed, 18 Jul 2007 11:24:04 +0200
Content-disposition: inline
Organization: MIAGE
User-agent: KMail/1.9.5

I want to force clients to use TLS except on the IPv4 loopback interface.
As suggested by Aaron I have the following ACL as the very first one
# first, make sure TLS or localhost
access to *
        by tls_ssf=1 none break
        by peername.ip="127.0.0.1" none break
        by * none
followed by my "real" ACLs.

Everything is working as expected but I've just noticed that I can
bind to the server with my rootdn in cleartext.
Is this expected? Is there a way to prevent this?

Regards,
Thierry.

Follow-Ups:
- Re: force TLS and rootdn
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: force TLS and rootdn
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: LDAP Convention 2007
Next by Date: ManageDSAiT
Index(es):
- Chronological
- Thread