[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSF and binds

At 01:17 PM 9/14/2004, Richard L. Goerwitz III wrote:
>Dieter Kluenter wrote:
>>>Is there any way in OpenLDAP 2.2.x to say the following:
>>>  1) binds must occur over sessions with an SSF of at least 63
>>>  2) UNLESS the peer is (in which case a lower SSF is
>>>     acceptable)
>>Yes that is posible, in principle. But I would use  ldapi instead of
>>localhost. The socket has a build-in ssf of 71.
>Is it possible to *assign* connections from/to a specific peer an SSF?

Not presently.

But you can subject access based upon the sockname or the
peername.  For instance, you can require either ssf=63 or
a particular peername for auth access to userPassword.
You can do same from read and/or write access as well.