[Date Prev][Date Next]
2 questions regarding access-control
there are two aspects I would like to check in my access-control
configuration, but I don't know if it is possible.
First, I run an adress-book using ldap. It can be queried using Eudora,
Mozilla, Outlook, etc. without any problems. However, since it is
private data I have to restrict access to it and at the moment I am
doing it using "access to ... by domain=something". I would prefer
restricting access using an ip-adress-range, though, something like "by
ip=172.20.0.0/16". Is it possible and where can I find information about
Second, I am migrating from NIS to LDAPS. After some problems everything
is going fine. There is only one thing: since passwords are transmitted
without any encryption I would have liked to disable ldap completely and
only run ldaps on my server. Basically there is no problem, but about 30
clients run Redhat and libnss-ldap on Redhat is compiled without
ssl-support (well done, redhat. You can choose "use ssl" in the
libnss-configuration, but of course it does not work....).
So an easy solution would be to keep ldap without ssl running to serve
nss-information. But if I do so I would like to change the access to the
password-attribute, requiring not only auth but also tls, otherwise my
cute users might screw things up. Is it possible to restrict accessed
based on tls? If so, where can I find information about the syntax?
Many thanks in advance.