Re: LDAP anonymous and encrypted simple authentication

Tue, 20.01.2004 at 21:22, Vegeta wrote:

> I currently have ldap (unencrypted) access on loopback ( interface
> and ldaps access (encrypted) on all interfaces.
> There is some (not all) data I want to make available via anonymous access
> and I don't need SSL/TLS to protect it.
> There is some sensitive data I do not want to make available via anonymous
> access, but through SSL encrypted simple (password) authentication.
> What is the security hole you see?
> I already read the Admin guide and it does not explain this setup.

Ah. Quanah's approach would be the most likely solution IMHO. You can
use the ssf options in your ACL list. 'man(5) slapd.access' will give
you the options and 'man(5) slapd.conf' will explain what the option
factors are and their values. Seems like you can only do this with TLS,
not with SSL, since TLS gives the option of encryption or no encryption.
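
A slapd.conf sketch of the ssf-in-ACL approach discussed above, added here as an illustration and not taken from either poster's configuration. The attribute names and the threshold of 128 are assumptions; substitute the attributes you consider sensitive and the strength you require.

```conf
# Added example: ACLs that gate sensitive data on the connection's
# security strength factor (SSF), while other data stays readable
# anonymously. slapd uses the first "access to" clause that matches
# the target, then the first "by" clause that matches the client.

# Passwords: checked at bind time or changed by the owner, and only
# when the connection's SSF is at least 128 (assumed threshold).
access to attrs=userPassword
    by ssf=128 self write
    by ssf=128 anonymous auth
    by * none

# Hypothetical "sensitive" attributes: readable only by authenticated
# users on a connection with SSF >= 128. A client on a connection with
# a lower SSF falls through to "by * none".
access to attrs=homePhone,homePostalAddress
    by ssf=128 users read
    by * none

# Everything else: anonymous read, no SSF requirement.
access to *
    by * read
```

With these rules a password bind on a connection whose SSF is below 128 fails, because the `auth` grant on userPassword does not match; this includes the plain loopback listener unless a separate rule is added for it.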


