On Mon, 9 May 2016 09:00:22 +0200, Dora Paula <[email protected]> wrote:
> Dear List,
>
> I've two subtrees that contain user-accounts:
> ou=usersA,dc=example,dc=com and ou=usersB,dc=example,dc=com.
>
> Goal: Users below ou=userA,... should only be allowed to bind using
> sasl_bind, but not with simple_bind. Whereas users below
> ou=usersB,... should be allowed to bind using both (or any kind of
> bind).
>
> I searched the documentation but without success. All I found was
> disallow simplebind and sasl_ssf, but both seem to make no sense in
> this case: While the first disallows simple_binds globally, the
> combination of sasl_ssf and access auth is or at least seems
> contradicting to me.
>
> Question: Is it possible to achieve this goal using current openldap
> release?

Yes, this is possible, man slapd.access(5), read on security, security
strength factors and transport layer security.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
