I am looking for help with the setup of security in my OpenLDAP config.
I currently have RHEL 6 with ldap:// and ldaps:// working for both auth binds and anon binds.
What I want to do is allow anon binds on ldap:// and require authentication over an encrypted stream on ldaps://.
My current access is set to:
access to attrs=userPassword
    by anonymous auth
    by self read
    by * none
access to *
    by * read
I do not have a security statement in my slapd.conf.
I have tried a few things, such as changing the userPassword access to:
access to userPassword
> by anonymous auth sasl_ssf=128 break
> by anonymous auth tls=128
> by self read
but the syntax is not correct and the config will not load with the above.
Any help would be great.