Re: SSF and binds
"Richard L. Goerwitz III" <email@example.com> writes:
> Dieter Kluenter wrote:
>>>Is there any way in OpenLDAP 2.2.x to say the following:
>>> 1) binds must occur over sessions with an SSF of at least 63
>>> 2) UNLESS the peer is 127.0.0.1 (in which case a lower SSF is
>> Yes that is possible, in principle. But I would use ldapi instead of
>> localhost. The socket has a built-in ssf of 71.
> Is it possible to *assign* connections from/to a specific peer an SSF?
> The systems or network administrator knows what connections are secure
> and what ones aren't. If I route traffic from my LDAP primary to my
> secondary over a dedicated link, I may want to assign that link an SSF
> of, say, 40, or 71 - or whatever.
> It should be up to me or my network administrator.
> I raised this issue on the ldap bugs list, but phrased some things in
> a way that made the request look like I simply didn't understand what
> I was asking for, and Kurt rightly pushed me over to this list.
> So I'd like to ask here: Am I making sense?
You might have a look at sets
Frankly, I haven't designed a set that would meet your
requirements yet, but it should be feasible.
Dieter Klünter | Systemberatung
GPG Key ID:8C183C8622115328
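
The two requirements from the thread, sketched as a slapd.conf fragment. This is an added example, not part of the original message and not a configuration posted by either participant. It assumes the `peername.ip` style and the `ssf=` clause described in slapd.access(5) are available in the release in use, and it covers only simple binds, which need `auth` access to `userPassword`.

```conf
# Added example: slapd.conf fragment, not taken from the thread.

# SSF credited to ldapi:// (Unix domain socket) sessions.
# 71 is the default, which is the "built-in ssf of 71" mentioned above.
localSSF 71

# Simple binds need "auth" access to userPassword. Within one access
# statement the first matching "by" clause is used, so order matters.
access to attrs=userPassword
    # Requirement 2: loopback TCP peers may bind at any SSF.
    by anonymous peername.ip=127.0.0.1 auth
    # Requirement 1: every other peer needs a session SSF of at least 63.
    # ldapi:// sessions match this clause through localSSF, so they need
    # no peername exception at all.
    by anonymous ssf=63 auth
    by * none
```

With ldapi in place of loopback TCP, the `peername.ip` clause can be dropped, leaving a single SSF threshold for all binds.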