
2 questions regarding access-control



Hi all,

there are two aspects I would like to check in my access-control
configuration, but I don't know if it is possible.

First, I run an address-book using ldap. It can be queried using Eudora,
Mozilla, Outlook, etc. without any problems. However, since it is
private data I have to restrict access to it and at the moment I am
doing it using "access to ... by domain=something". I would prefer
restricting access using an ip-address-range, though, something like "by
ip=172.20.0.0/16". Is it possible and where can I find information about
the syntax?

Second, I am migrating from NIS to LDAPS. After some problems everything
is going fine. There is only one thing: since passwords are transmitted
without any encryption I would have liked to disable ldap completely and
only run ldaps on my server. Basically there is no problem, but about 30
clients run Redhat and libnss-ldap on Redhat is compiled without
ssl-support (well done, redhat. You can choose "use ssl" in the
libnss-configuration, but of course it does not work....).
So an easy solution would be to keep ldap without ssl running to serve
nss-information. But if I do so I would like to change the access to the
password-attribute, requiring not only auth but also tls, otherwise my
cute users might screw things up. Is it possible to restrict access
based on tls? If so, where can I find information about the syntax?

Many thanks in advance.

-- 
CU,
   Patrick.
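
The two restrictions asked about above, sketched as slapd.conf ACLs; this is an added example, not part of the original message. It assumes an OpenLDAP release whose slapd.access(5) documents the `peername.ip` and `tls_ssf` clauses, and the suffix `dc=example,dc=com` and the `ou=addressbook` subtree are placeholders.

```conf
# --- 1. Address book: restrict by client IP range instead of DNS name ---
# Current form from the message. It depends on the reverse DNS lookup
# of the client address:
#   access to ... by domain=something
#
# IP-based form. The netmask follows '%' in dotted notation, so
# 172.20.0.0/16 is written as 172.20.0.0%255.255.0.0.
# (placeholder subtree DN)
access to dn.subtree="ou=addressbook,dc=example,dc=com"
    by peername.ip=172.20.0.0%255.255.0.0 read
    by * none

# --- 2. userPassword: usable only on a TLS-protected connection ---
# tls_ssf=<n> matches when the TLS security strength factor of the
# connection is at least n. Several <who> clauses in one "by" must all
# match, so a session without TLS falls through to "by * none" and can
# neither bind against nor change the password.
access to attrs=userPassword
    by tls_ssf=128 self write
    by tls_ssf=128 anonymous auth
    by * none

# Server-wide alternative: refuse every simple bind that is not
# protected to at least this strength, independent of the ACLs above.
security simple_bind=128
```

`tls_ssf` is satisfied both by ldaps:// and by StartTLS on the plain ldap:// port. An ACL cannot stop a client from sending a cleartext simple bind; it only makes that bind fail.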