On Mon, 9 May 2016 11:00:38 +0200, Dora Paula <[email protected]> wrote:
> I searched for security in slapd.access(5) [1] and just found:
>
> "The statements ssf=<n>, transport_ssf=<n>, tls_ssf=<n>, and
> sasl_ssf=<n> set the minimum required Security Strength Factor (ssf)
> needed to grant access."
>
>
> In regard to "security" slapd.conf(5) [2] states:
>
> "security <factors>
> ... The directive may be specified globally and/or per-database."
>
> Thus I don't see how this applies to my goal.
>
>
> The following statement/example is taken from the current admin guide
> [3]:
>
> access to dn="cn=example,cn=edu"
>       by * ssf=256 read
>
> Thus I tested, just for fun:
> access to dn="ou=usersa,dc=example,dc=com"
>       by * sasl_ssf=1 auth
>
> Without success - which seems clear to me, because there is no
> sasl-layer known during an initial bind. So, if I'm wrong, could you
> please be so kind and go into more detail here?
>
> Thank you very much.

[...]

Any password transport should be protected by some means of transport
security, that is, either sasl DIGEST-MD5 or TLS.

security=1
access to dn.sub=ou=userA,dc=example,dc=com
   by * sasl_ssf=128 read
access to dn.sub=ou=userB,dc=example,dc=com
   by * ssf=56 read
or alternatively
   by transport_ssf=56 read

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
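An added example, not part of either message and not taken from the OpenLDAP documentation: a slapd.conf fragment that applies the SSF clauses discussed above to the auth privilege on userPassword, so each subtree gets its own minimum for simple binds on top of a database-wide floor. The mdb backend, the attrs=userPassword scoping and the SSF values are assumptions; the suffix and OU names are the thread's placeholders.

```conf
# Constructed example for illustration only.
database mdb
suffix "dc=example,dc=com"

# Database-wide floor: simple binds are refused on any connection
# whose security strength is below 56.
security simple_bind=56

# userA: password checks (auth) and password changes are granted only
# when TLS itself provides SSF >= 128. tls_ssf is used rather than
# sasl_ssf because a simple bind never negotiates a SASL layer, so
# sasl_ssf is 0 on such connections.
access to dn.subtree="ou=userA,dc=example,dc=com" attrs=userPassword
    by anonymous tls_ssf=128 auth
    by self tls_ssf=128 write
    by * none

# userB: any protection counts (TLS, SASL layer, or a transport such
# as ldapi), as long as the overall SSF is at least 56.
access to dn.subtree="ou=userB,dc=example,dc=com" attrs=userPassword
    by anonymous ssf=56 auth
    by self ssf=56 write
    by * none

# Rules are evaluated in order and the first matching <what> wins, so
# the two rules above must stay ahead of any broader rule.
access to *
    by users read
    by * none
```

These rules only make slapd refuse the bind; a client that sends a simple bind over an unprotected connection has already put the password on the wire, so clients should also be configured to require TLS.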
