
Re: Access auth granularity?



On Mon, 9 May 2016 09:00:22 +0200,
Dora Paula <deepee@gmx.net> wrote:

> Dear List,
> 
> I've two subtrees that contain user-accounts:
> ou=usersA,dc=example,dc=com and ou=usersB,dc=example,dc=com.
> 
> Goal: Users below ou=userA,... should only be allowed to bind using 
> sasl_bind, but not with simple_bind. Whereas users below
> ou=usersB,... should be allowed to bind using both (or any kind of
> bind).
> 
> I searched the documentation but without success. All I found was 
> disallow simplebind and sasl_ssf, but both seem to make no sense in
> this case: While the first disallows simple_binds globally, the
> combination of sasl_ssf and access auth is or at least seems
> contradicting to me.
> 
> Question: Is it possible to achieve this goal using current openldap 
> release?

Yes, this is possible, man slapd.access(5), read on security,
security strength factors and transport layer security.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E