Re: SSF and binds

"Richard L. Goerwitz III" <richard@goerwitz.com> writes:

> Dieter Kluenter wrote:
>>>Is there any way in OpenLDAP 2.2.x to say the following:
>>>   1) binds must occur over sessions with an SSF of at least 63
>>>   2) UNLESS the peer is (in which case a lower SSF is
>>>      acceptable)
>> Yes that is possible, in principle. But I would use ldapi instead of
>> localhost. The socket has a built-in ssf of 71.
> Is it possible to *assign* connections from/to a specific peer an SSF?
> The systems or network administrator knows what connections are secure
> and what ones aren't.  If I route traffic from my LDAP primary to my
> secondary over a dedicated link, I may want to assign that link an SSF
> of, say, 40, or 71 - or whatever.
> It should be up to me or my network administrator.
> I raised this issue on the ldap bugs list, but phrased some things in
> a way that made the request look like I simply didn't understand what
> I was asking for, and Kurt rightly pushed me over to this list.
> So I'd like to ask here:  Am I making sense?

You might have a look at sets.
Frankly, I haven't designed a set that would meet your
requirements yet, but it should be feasible.


