Re: ssf, access control, and back-shell



I spoke too soon about back-shell ignoring ACLs.  It does
not ignore them, at least for searching.

But I am still trying to find a way to restrict binding to secure
connections.  If I were using a normal ldbm backend, where there
actually existed a userpassword field, I would apply an ACL that
specifies an ssf of 128.  But in the case of using back-shell to
handle binding, I am not sure.

Is it even possible to write an ACL to do this?  That is, would back-shell
pay any attention to ACLs in the case of binding?

If not, I suppose I could always modify the bind.c file under
servers/slapd/back-shell, but I would prefer not to...

-steve


On Thu, Oct 03, 2002 at 07:54:00PM -0400, Steven Hodges wrote:
> Hello...
> 
> I see that back-shell ignores almost all access control directives.
> 
> But what I would like to do is restrict my back-shell bind script
> such that all bind operations have to take place with an ssf of 128...
> Normally I would do this with ssf=128 in the ACL, but I am not sure
> how to do it in this case.  I could just manually check it in my
> back-shell bind script, but I don't think it's even aware of the
> ssf...
> 
> Any ideas would be appreciated.
> 
> -steve hodges
> Georgia Tech