[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control by encryption level?

Use ssf=n were n is the effective cipher key length to require.

        access to userPassword
                by self ssf=128

At 04:08 PM 1/10/01 -0800, Jeff Costlow wrote:
>Can I restrict access to an attribute by whether I have an SSL secured connection or not?
>something like:
>access to userPassword
>        by self write if SSL
>        by anonymous auth
>        by dn="cn=administrator,dc=myorg,dc=com" if SSL
>        by * none
>The idea is to restrict access to that attribute unless the user is using an SSL connection (it doesn't matter to me whether it is a StartTLS, or if the user contacted LDAPS:
>I thought I saw something like this on the mailing list, but couldn't find it again.
>Muchas Gracias.