[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP anonymous and encrypted simple authentication

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: LDAP anonymous and encrypted simple authentication
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Wed, 21 Jan 2004 12:11:29 +0100
In-reply-to: <buk2lg$d0e$1@sea.gmane.org>
Organization: Billy
References: <bujggd$t1e$1@sea.gmane.org> <1074619522.2963.219.camel@localhost> <buk2lg$d0e$1@sea.gmane.org>

tir, 20.01.2004 kl. 21.22 skrev Vegeta:

> I currently have ldap (unencrypted) access on loopback (127.0.0.1) interface
> and ldaps access (encrypted) on all interfaces.
> There is some (not all) data I want to make available via anonymous access
> and I don't need SSL/TLS to protect it.
> There is some sensitive data I do not want to make available via anonymous
> access, but through SSL encrypted simple (password) authentication.
> What is the security hole you see?
> I already read the Admin guide and it does not explain this setup.

Ah. Quanah's approach would be the most likely solution IMHO. You can
use the ssf options in your ACL list. 'man(5) slapd.access' will give
you the options and 'man(5) slapd.conf' will explain what the option
factors are and their values. Seems like you can only do this with TLS,
not with SSL, since TLS gives the option of encryption or no encryption.

--Tonni

-- 
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl

References:
- LDAP anonymous and encrypted simple authentication
  - From: Vegeta <lord.vegeta@ica.luz.ve>
- Re: LDAP anonymous and encrypted simple authentication
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: LDAP anonymous and encrypted simple authentication
  - From: Vegeta <lord.vegeta@ica.luz.ve>

Prev by Date: Re: [Fwd: VIRUS (Worm.Bagle.A) IN MAIL TO YOU (from <owner-openldap-softwar e@OpenLDAP.org>)]
Next by Date: RE: Openldap 2.2.4 SASL Proxy auth
Index(es):
- Chronological
- Thread