Re: bind only with SSL or TLS

Jeronimo Zucco writes:
>     Is it possible to have one ACL that just allows bind for auth with SSL or
> TLS, but simple queries are allowed in plain?

Yes, "access to attrs=userPassword by ... ssf=(for example)128 auth" in
slapd.conf.  However, it gives a poor error message when a user does try
to Bind with his password in cleartext.

Use "security simple_bind=(for example)128" instead.  And sasl-secprops
if you use SASL Bind.  You may also want to increase "localssf" to the
security factor you use, so ldapi:// connections can Bind without TLS.
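
The two approaches from the reply above, side by side as a slapd.conf fragment. This is an added example, not part of the original post; 128 is the reply's example value, and the `anonymous`, `by * none` and `by * read` clauses are assumptions chosen for illustration.

```conf
# slapd.conf fragment. Comments must sit on their own lines;
# continuation lines of a directive start with whitespace.

# --- Option A: enforce through an ACL -------------------------------
# The password comparison done during a simple Bind needs "auth"
# access to userPassword. Requiring ssf=128 on that clause means a
# Bind over a plaintext connection cannot check the password, while
# the second ACL still lets plaintext clients search other attributes.
# Drawback noted in the reply: the client gets a poor error message.
# It sees invalidCredentials (49), the same as a wrong password.
access to attrs=userPassword
        by anonymous ssf=128 auth
        by * none
access to *
        by * read

# --- Option B: enforce through "security" (recommended in the reply) --
# Refuse any simple Bind on a connection whose security strength
# factor is below 128. slapd answers confidentialityRequired (13),
# which tells the client what is actually wrong. Searches on an
# unauthenticated plaintext connection are not affected.
security simple_bind=128

# Same floor for SASL Binds, if SASL is in use.
sasl-secprops minssf=128

# ldapi:// (Unix socket) connections are assigned the localSSF value,
# 71 by default, which is below 128. Raise it so local clients can
# still do a simple Bind without TLS.
localSSF 128
```

With either option the cleartext password has already crossed the wire by the time slapd refuses the Bind, so clients still need to be configured to start TLS before they bind.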