[Fedora-directory-users] Simple Bind only in secured channel
Gary Windham
windhamg at email.arizona.edu
Mon Jun 16 17:00:41 UTC 2008
On Jun 16, 2008, at 8:49 AM, Rich Megginson wrote:
> Dael Maselli wrote:
>> Hi all,
>>
>> is there any method to deny simple bind operation unless in a secure
>> channel (SSL or STARTTLS)?
> No. This relates to another requested feature, which is the ability
> to deny anonymous bind or other anonymous operations. I would like
> to get some requirements for such a feature.
> * allow simple bind/anonymous operations only over a secure channel?
> * allow simple bind/anonymous operations for certain hosts/ip
> addresses?
> * allow only certain anonymous operations, like startTLS and the
> password change extop? others?
> * other access control features related to the above?
>> Do I have to write a plug-in? Hints?
> Yes, at this point it would have to be a plug-in, most likely a bind
> pre-op plug-in.
I have a bind pre-op plugin that meets the first two requirements; I
would be happy to share it with anyone interested.
Thanks,
--Gary
--
Gary Windham
Senior Enterprise Systems Architect
The University of Arizona, UITS
+1 520 626 5981
More information about the 389-users
mailing list