[Date Prev][Date Next]
Re: bind only with SSL or TLS
Jeronimo Zucco writes:
> Is it possible one ACL that just allow bind for auth with SSL or
> TLS, but simple queries are allowed in plain ?
Yes, access to attrs=userPassword by ... ssf=(for example)128 auth" in
slapd.conf. However, it gives a poor error message when a user does try
to Bind with his password in cleartext.
Use "security simple_bind=(for example)128" instead. And sasl-secprops
if you use SASL Bind. You may also want to increase "localssf" to the
security factor you use, so ldapi:// connections can Bind without TLS.