OpenLDAP ITS - Software Enhancements/5277

Up to top level
Build Contrib Development Documentation Historical Incoming Software Bugs Software Enhancements Web

Logged in as guest

From: michele.codutti@uniud.it
Subject: Feature request: Impose SSL/TLS for some addresses/interfaces
Compose comment
Download message

Date: Thu, 13 Dec 2007 09:25:36 GMT From: michele.codutti@uniud.it To: openldap-its@OpenLDAP.org Subject: Feature request: Impose SSL/TLS for some addresses/interfaces

Full_Name: Michele Codutti
Version: 2.3
OS: Linux/Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (158.110.7.132)


Recently I need to implement a clustered system of OpenLDAP with syncrepl
replication method. Every node has two interfaces: one public (let's say eth0)
and one connected to a private subnet (let's say eth1). What I want is to impose
only SSL/TLS connection on eth0 and unencrypted connection on eth1. I want this
because is useless to encrypt syncrepl traffic through the private (dedicated
and secured) subnet. I haven't found any directive that do what I want. At last
I've implemented a solution suggested by Pierangelo Masaratti. I imposed TLS/SSL
by these ACL's:
access to *
     by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldap://$PUBLIC_NAME" stop
     by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
     by sockurl="ldaps://$PUBLIC_NAME" stop
     by * break
Pierangelo also suggested me to write an ITS to ask for a specific directive to
do this more naturaly. So here I'm. Could it be done?

Up to top level
Build Contrib Development Documentation Historical Incoming Software Bugs Software Enhancements Web

Logged in as guest

The OpenLDAP Issue Tracking System uses a hacked version of JitterBug