
Re: Enforce TLS?



--On Thursday, February 07, 2013 4:27 PM +0100 Patrick Lists <openldap-list@puzzled.xs4all.nl> wrote:

> Hi,
>
> I've gone through slapd.access a couple of times but I can't wrap my head
> around the mountain of information. IMHO that man page could do with a
> few more examples for us mere mortals :-)
>
> FYI: I was not able to find what ssf=<n>, transport_ssf=<n>, tls_ssf=<n>,
> sasl_ssf=<n> mean and which possible values (+ meaning of those values) I
> can set them to. Missing info?
>
> Goal: allow 127.0.0.1 and ::1 non-TLS access and all other connections
> must use TLS.
>
> Anyone perhaps have an example that can get me started?

Read the "security" bit from <https://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html> to start.

Basically, you can very granularly set what security factor you want for various methods (SASL, TLS, etc).

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
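
The goal stated in the question, written out as a slapd.conf fragment. This is an added example, not configuration posted in the thread or taken from the OpenLDAP project. The threshold of 128 and the two rules after the gate are assumptions chosen for illustration.

```conf
# Constructed example: slapd.conf-style access control (slapd.access(5) syntax).
#
# SSF = "security strength factor". 0 means no protection, 1 means integrity
# protection only, and larger values roughly track the effective encryption
# key length in bits (56 for DES, 112 for 3DES, 128/192/256 for AES).
#
# tls_ssf=<n> in a "by" clause matches connections whose TLS layer provides
# at least strength n. ssf=<n> is the overall value, sasl_ssf=<n> the SASL
# layer, transport_ssf=<n> the underlying transport.

# Global alternative: the "security" directive applies to every connection,
# so it cannot express the loopback exemption asked for in the question.
# security tls=128

# Gate rule. It has to be the first "access to" statement so it is evaluated
# before any rule that grants access.
access to *
    by peername.ip=127.0.0.1 break    # IPv4 loopback: cleartext allowed
    by peername.ipv6=::1 break        # IPv6 loopback: cleartext allowed
    by tls_ssf=128 break              # remote clients: TLS with SSF >= 128
    by * none                         # everything else is refused

# "break" grants nothing by itself. It hands the request to the next matching
# rule, so the normal policy follows the gate (assumed rules, adjust to taste).
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by self write
    by users read
    by * none
```

An ACL gate like this refuses the operation but does not stop a client from sending a simple bind over cleartext, so the password has already crossed the wire by the time slapd denies it.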