Re: Question on ACL, SSL/TLS

At 09:30 AM 7/26/2001, Oscar Bonilla wrote:
>Don't fully trust me on this but:
>access to *
>        by sockurl="^ldaps:///$" write

I suggest use of "by ssf=64 read" ... ssf applies to
not only LDAP over SSL, but Start TLS [RFC 2830] and
SASL [RFC 2829].

>should do the trick...
>On Wed, Jul 25, 2001 at 11:11:47PM -0500, Allan Streib wrote:
>> Is it possible to define an ACL such that an attribute is accessible only
>> if the connection is secure (i.e. SSL).  I have a directory that contains 
>> many non-sensitive attributes but a couple that should only be accessible 
>> if the connection is encrypted.  I'd rather not force everything over SSL 
>> since that puts an undue burden on many clients that won't access the 
>> sensitive attributes.
>> Thanks,
>> Allan
>pgp public key: finger obonilla@galileo.edu
>pgp fingerprint: 9735 2F52 D499 17E2 D03B  5960 241D 09EA 349F 923E
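
As an added example, not part of either message: a slapd.conf fragment that applies the suggested ssf test to only the sensitive attributes, which is what the original question asked for. The attribute names are chosen for illustration, and the `attrs=` keyword follows the current slapd.access(5) manual page.

```conf
# Added illustration, not from the thread.
# homePhone and homePostalAddress stand in for the "couple of"
# sensitive attributes; substitute your own.

# slapd uses the first "access to" clause whose target matches the
# entry/attribute, so the attribute-specific clause must come before
# the catch-all clause below.
access to attrs=homePhone,homePostalAddress
        # ssf=64 requires a security strength factor of at least 64.
        # As the reply notes, this covers ldaps://, Start TLS and SASL
        # security layers, not only the ldaps:// listener.
        by ssf=64 read
        # Connections below that strength get nothing for these attributes.
        by * none

# Everything else stays readable without encryption, so clients that
# never touch the sensitive attributes are not forced onto SSL/TLS.
access to *
        by * read
```

A client on an unprotected connection still sees the entry and its other attributes; the two protected attributes are simply absent from the result.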