On Jun 16, 2008, at 8:49 AM, Rich Megginson wrote:
Dael Maselli wrote:
Hi all,
is there any method to deny simple bind operation unless in a secure
channel (SSL or STARTTLS)?
No. This relates to another requested feature, which is the ability
to deny anonymous bind or other anonymous operations. I would like
to get some requirements for such a feature.
* allow simple bind/anonymous operations only over a secure channel?
* allow simple bind/anonymous operations for certain hosts/ip
addresses?
* allow only certain anonymous operations, like startTLS and the
password change extop? others?
* other access control features related to the above?
Do I have to write a plug-in? Hints?
Yes, at this point it would have to be a plug-in, most likely a bind
pre-op plug-in.
I have a bind pre-op plugin that meets the first two requirements; I
would be happy to share it with anyone interested.
Thanks,
--Gary
--
Gary Windham
Senior Enterprise Systems Architect
The University of Arizona, UITS
+1 520 626 5981
--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
