
Re: SSF and binds





--On Tuesday, September 14, 2004 9:03 AM -0500 "Richard L. Goerwitz III" <richard@Goerwitz.com> wrote:

> Is there any way in OpenLDAP 2.2.x to say the following:
>
>    1) binds must occur over sessions with an SSF of at least 63
>
>    2) UNLESS the peer is 127.0.0.1 (in which case a lower SSF is
>       acceptable)

Have you tried making two clauses to the ACL?

access to <whatever>
	by <DN> ssf=63 read
	by peer=127.0.0.1 ssf=10 read
	by * break


(Note I'm making that up off the top of my head, so syntax may be off).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
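
One way to write the two clauses suggested above in slapd.conf, as an added example that is not part of the original message. It assumes simple binds checked against userPassword, and it uses the `peername.ip`, `anonymous` and `ssf` who-fields from slapd.access(5); the `self` and `by * none` clauses are illustrative additions.

```conf
# Added example, not from the original message.
# Assumption: clients use simple binds, so the bind is an "auth" check
# against userPassword by a not-yet-authenticated (anonymous) session.
#
# All <who> fields on one "by" line must match for the clause to apply.
# Clauses are tried top to bottom and evaluation stops at the first match,
# so the loopback exception has to come before the SSF-restricted clause.
#
#   clause 1: peer is 127.0.0.1      -> bind allowed, no SSF requirement
#   clause 2: any other peer         -> bind allowed only if SSF >= 63
#   clause 3: entry owner, SSF >= 63 -> may change own password
#   clause 4: everything else        -> no access, so a remote bind on a
#                                       session with SSF < 63 fails
access to attrs=userPassword
	by peername.ip=127.0.0.1 anonymous auth
	by anonymous ssf=63 auth
	by self ssf=63 write
	by * none
```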