ssf Security Question



Hi,


I am a little confused with this. Basically I have a client connecting to the database, a DECT IP phone base station which doesn't support STARTTLS, and my slapd config has settings for clients to use certificates to connect.


What would be the best way to set this up so that the DECT IP client only accesses the particular place that it needs to, the AddressBook section, but other clients will need to use STARTTLS for everything else?


Currently I am looking at:

https://www.openldap.org/doc/admin24/security.html


https://www.openldap.org/doc/admin24/access-control.html


and have currently put this in my slapd.conf:


#Removed the Global? security clause

#security ssf=128


#Added generic ACL for all access to require ssf of 128

access to *
    by ssf=128 self write
    by ssf=128 anonymous auth
    by ssf=128 users read


#Added ACL for open access to AddressBook in Read and Search only mode

access to dn.children="ou=AddressBook,dc=domain,dc=com"
    by * search
    by * read


Is this correct or do I need to engage the "security" Global section too?


Though the documentation suggests otherwise: "For fine-grained control, SSFs may be used in access controls. See the Access Control section for more information."


Thanks.


Kaya
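For reference, here is an added example of how the two rules above interact in slapd.conf; it is not from the original post. slapd selects the first "access to" directive whose target matches the entry and then the first "by" clause whose subject matches, so a catch-all "access to *" placed first shadows every directive after it. The DN "ou=AddressBook,dc=domain,dc=com" is taken from the post and is assumed to be the address-book container.

```conf
# Added example (not the original poster's config). Order matters: slapd
# uses the FIRST matching "access to" target, then the FIRST matching "by".

# 1. Protect password hashes everywhere, whatever subtree they live in,
#    and only accept simple binds over a session with SSF >= 128.
#    (ssf= is the combined strength; tls_ssf=128 would require TLS
#    specifically, rather than accepting an equivalent SASL layer.)
access to attrs=userPassword
    by ssf=128 self write
    by ssf=128 anonymous auth
    by * none

# 2. Cleartext, anonymous, read-only access to the address book only.
#    dn.subtree also covers the ou=AddressBook entry itself, which a
#    subtree search from that base needs; dn.children would exclude it.
#    "read" already implies search and compare, so a separate
#    "by * search" line is unnecessary (and, listed first, it would
#    shadow "by * read").
access to dn.subtree="ou=AddressBook,dc=domain,dc=com"
    by * read

# 3. Everything else requires SSF >= 128. A session without STARTTLS or
#    ldaps has ssf=0, so none of these "by" clauses match and the
#    implicit final "by * none" applies.
access to *
    by ssf=128 self write
    by ssf=128 anonymous auth
    by ssf=128 users read
```

To check the result from a client, an anonymous `ldapsearch -x` without `-Z` against the address-book base should return entries, while the same search against `dc=domain,dc=com` should return nothing until `-ZZ` is added.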