[389-users] require ssl/tls only for binding as user
Andrey Ivanov
andrey.ivanov at polytechnique.fr
Mon Jan 11 20:36:24 UTC 2010
You have also this (starting from version 1.2.1) :
* Add require secure binds switch
o This adds a new configuration attribute named
nsslapd-require-secure-binds. When enabled, a simple bind will only be
allowed over a secure transport (SSL/TLS or a SASL privacy layer). An
attempt to do a simple bind over an insecure transport will return a
LDAP result of LDAP_CONFIDENTIALITY_REQUIRED. This new setting will
not affect anonymous or unauthenticated binds.
o The default setting is to have this option disabled.
2010/1/11 Johannes Woerner <jkwoerner at googlemail.com>:
>> I'm evaluating the migrating of an openldap installation to
>>
>> > 389 directory server (ca 1200 user objects).
>> > With openldap I can restrict client authentication to ssl/tls ldap
>> > connections and
>> > in parallel allow anonymous (unencrypted) access to items like phone
>> > number etc.
>> > (slapd.conf with: "security simple_bind=56")
>> >
>> > Is there a way you can do this with 389 directory server?
>> Yes. By using ACIs and the features described here :
>>
>> http://directory.fedoraproject.org/wiki/Roadmap#389_Directory_Server_1.2.3_-_October_7.2C_2009
>
> Thank you, I missed this.
>
> Best regards
> Johannes
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
More information about the 389-users
mailing list