OpenLDAP
Viewing Software Enhancements/5277
From: michele.codutti@uniud.it
Subject: Feature request: Impose SSL/TLS for some addresses/interfaces
Date: Thu, 13 Dec 2007 09:25:36 GMT
From: michele.codutti@uniud.it
To: openldap-its@OpenLDAP.org
Subject: Feature request: Impose SSL/TLS for some addresses/interfaces
Full_Name: Michele Codutti
Version: 2.3
OS: Linux/Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (158.110.7.132)


Recently I needed to implement a clustered system of OpenLDAP with the syncrepl
replication method. Every node has two interfaces: one public (let's say eth0)
and one connected to a private subnet (let's say eth1). What I want is to impose
only SSL/TLS connections on eth0 and unencrypted connections on eth1. I want this
because it is useless to encrypt syncrepl traffic through the private (dedicated
and secured) subnet. I haven't found any directive that does what I want. In the end
I implemented a solution suggested by Pierangelo Masarati. I imposed TLS/SSL
with these ACLs:
access to *
     by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldap://$PUBLIC_NAME" stop
     by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldaps://$PUBLIC_NAME" stop
     by * break
Pierangelo also suggested that I write an ITS to ask for a specific directive to
do this more naturally. So here I am. Could it be done?
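
Added example, not part of the original ticket or of OpenLDAP: a simplified Python model of how the posted rule's "by" clauses are evaluated in order for a connection's listener URL and SSF. Assumptions: the hostname and private address are constructed placeholders, sockurl is compared by exact match, and this is the first rule evaluated, so "stop" with no access level leaves the client with no privileges.

```python
import re
from dataclasses import dataclass
from typing import Optional

PUBLIC_NAME = "ldap.example.org"  # constructed placeholder for $PUBLIC_NAME
ACL_TEXT = """
access to *
     by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldap://$PUBLIC_NAME" stop
     by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldaps://$PUBLIC_NAME" stop
     by * break
""".replace("$PUBLIC_NAME", PUBLIC_NAME)

@dataclass
class Clause:
    sockurl: Optional[str]  # listener URL to match, None means "any"
    min_ssf: int            # minimum security strength factor, 0 means none
    control: str            # "break" or "stop"

def parse_acl(text):
    """Extract the 'by' clauses of the rule above (covers only this syntax)."""
    clauses = []
    for line in (l.strip() for l in text.splitlines()):
        if not line.startswith("by "):
            continue
        url = re.search(r'sockurl="([^"]+)"', line)
        ssf = re.search(r'\bssf=(\d+)', line)
        clauses.append(Clause(url.group(1) if url else None,
                              int(ssf.group(1)) if ssf else 0,
                              line.split()[-1]))
    return clauses

def evaluate(clauses, listener_url, ssf):
    """First matching clause wins: 'break' moves on to later rules, 'stop' ends."""
    for c in clauses:
        if c.sockurl is not None and c.sockurl != listener_url:
            continue
        if ssf < c.min_ssf:   # ssf=N matches connections with SSF >= N
            continue
        return "continue" if c.control == "break" else "denied"
    return "denied"           # implicit trailing "by * none stop"

# Constructed sample connections: (listener URL, negotiated SSF).
SAMPLES = [("ldap://ldap.example.org", 0), ("ldap://ldap.example.org", 256),
           ("ldaps://ldap.example.org", 256), ("ldaps://ldap.example.org", 56),
           ("ldap://10.0.0.1", 0)]

def decisions():
    clauses = parse_acl(ACL_TEXT)
    return {s: evaluate(clauses, *s) for s in SAMPLES}
```

The rule only denies access after the fact: a client that sends a simple bind in cleartext to the public listener has already put its password on the wire before slapd refuses it.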

The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org