Re: Question on ACL, SSL/TLS
At 09:30 AM 7/26/2001, Oscar Bonilla wrote:
>Don't fully trust me on this but:
>access to *
> by sockurl="^ldaps:///$" write
I suggest use of "by ssf=64 read" ... ssf applies to
not only LDAP over SSL, but Start TLS [RFC 2830] and
SASL [RFC 2829].
>should do the trick...
>On Wed, Jul 25, 2001 at 11:11:47PM -0500, Allan Streib wrote:
>> Is it possible to define an ACL such that an attribute is accessible only
>> if the connection is secure (i.e. SSL). I have a directory that contains
>> many non-sensitive attributes but a couple that should only be accessible
>> if the connection is encrypted. I'd rather not force everything over SSL
>> since that puts an undue burden on many clients that won't access the
>> sensitive attributes.
>pgp public key: finger email@example.com
>pgp fingerprint: 9735 2F52 D499 17E2 D03B 5960 241D 09EA 349F 923E
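
The following slapd.conf fragment is an added example, not part of the original thread. It applies the "by ssf=64" suggestion to the original question of protecting only a couple of attributes; the attribute names `homePhone` and `employeeNumber` are hypothetical stand-ins for the sensitive attributes, and the grants to `self` and `users` are assumptions about the desired policy.

```conf
# slapd evaluates "access to" rules in order and stops at the first
# rule whose <what> matches, so the sensitive attributes must be
# listed before the catch-all rule.
#
# "attrs=" is the keyword in current slapd.access(5); older releases
# spelled it "attr=".

# Sensitive attributes: every "by" clause carries ssf=64, so the clause
# matches only when the connection's security strength factor is at
# least 64. That covers ldaps://, Start TLS and SASL security layers
# alike, which a sockurl match on ldaps:/// does not.
access to attrs=homePhone,employeeNumber
    by ssf=64 self write
    by ssf=64 users read
    by * none

# Everything else stays readable over plain LDAP, so clients that never
# touch the sensitive attributes do not need TLS.
access to *
    by * read
```

A client bound over an unprotected connection falls through to `by * none` for the two listed attributes and simply does not see them in search results, while the rest of each entry is returned as before.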