[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access auth granularity?

To: openldap-technical@openldap.org
Subject: Access auth granularity?
From: Dora Paula <deepee@gmx.net>
Date: Mon, 9 May 2016 09:00:22 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2

Dear List,

I've two subtrees that contain user-accounts:
ou=usersA,dc=example,dc=com and ou=usersB,dc=example,dc=com.

Goal: Users below ou=userA,... should only be allowed to bind usingsasl_bind, but not with simple_bind. Whereas users below ou=usersB,...should be allowed to bind using both (or any kind of bind).

I searched the documentation but without success. All I found wasdisallow simplebind and sasl_ssf, but both seem to make no sense in thiscase: While the first disallows simple_binds globally, the combinationof sasl_ssf and access auth is or at least seems contradicting to me.

Question: Is it possible to achieve this goal using current openldaprelease?


Thank you very much

Dora

Follow-Ups:
- Re: Access auth granularity?
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: Access auth granularity?
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Any naming conventions to be followed wile creating groups/organizations
Next by Date: require authc and SASL GSSAPI
Index(es):
- Chronological
- Thread