Restricting 389 to TLS (simple or cert) from specific userDNs
I am configuring an LDAP server to listen on 389 (TLS) and 636 (SSL).
I have applications that need to use "simple" authentication on 389 and have LDAP clients that are configured to use TLS:simple.
The question I have is:
I want to enforce the use of TLS if the bind is being done by specific userDNs and IP / DNS addresses. I have read the documentation and know I can set up an ACI to restrict by DNS/IP but not by bind method (none of the bind methods fulfil the transport requirement).
authmethod = ssl requires cert authentication, and I don't believe Solaris LDAP clients can support cert authentication.
What is the best practice in this respect?
By premSa at 2007-11-26 18:23:21
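One way to get the per-DN, per-network TLS requirement asked about above is a pre-bind plugin that refuses matching simple binds on unprotected connections. The policy decision itself, as an added standalone example (not code from this thread or from Sun Directory Server), with a constructed rule table and IPv4-only CIDR matching; the plugin glue that fetches the bind DN, client address and connection TLS state from the server is assumed and not shown:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>

/* A rule says: binds as DNs under dn_suffix coming from the IPv4 network
 * cidr must arrive over TLS (STARTTLS on 389 or LDAPS on 636). */
struct tls_rule {
    const char *dn_suffix;
    const char *cidr;
};

/* Constructed sample policy: application accounts on the app subnet, and
 * the directory administrator from anywhere. */
const struct tls_rule demo_rules[] = {
    { "ou=apps,dc=example,dc=com", "10.1.0.0/16" },
    { "cn=Directory Manager",      "0.0.0.0/0"   },
};
const size_t demo_nrules = sizeof demo_rules / sizeof demo_rules[0];

/* DN is under suffix: equal to it, or ends with ",<suffix>" (case-insensitive). */
static int dn_under(const char *dn, const char *suffix) {
    size_t dl = strlen(dn), sl = strlen(suffix);
    if (dl < sl || strcasecmp(dn + dl - sl, suffix) != 0) return 0;
    return dl == sl || dn[dl - sl - 1] == ',';
}

/* IPv4 CIDR match; malformed addresses or prefixes never match. */
static int ip_in_cidr(const char *ip, const char *cidr) {
    char net[INET_ADDRSTRLEN]; int bits; struct in_addr a, n; uint32_t mask;
    if (sscanf(cidr, "%15[^/]/%d", net, &bits) != 2 || bits < 0 || bits > 32) return 0;
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1) return 0;
    mask = bits == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - bits));
    return (a.s_addr & mask) == (n.s_addr & mask);
}

/* Returns 1 when a simple bind must be refused: some rule matches the bind DN
 * and client address but the connection is not TLS-protected. is_tls must
 * reflect the connection state at the moment of the bind, because a client
 * may bind before (or instead of) issuing STARTTLS on port 389. */
int bind_must_be_refused(const struct tls_rule *rules, size_t nrules,
                         const char *bind_dn, const char *client_ip, int is_tls) {
    size_t i;
    if (is_tls) return 0;
    for (i = 0; i < nrules; i++)
        if (dn_under(bind_dn, rules[i].dn_suffix) && ip_in_cidr(client_ip, rules[i].cidr))
            return 1;
    return 0;
}
```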

# 1
Hi,
I have the same problem. A possible solution may be writing a plugin. Has anyone done this already? I've seen that the directory proxy server supports this feature, but are you willing to install a proxy server only for this issue? I am not.
Any comments are welcome!
best regards
harry
# 3
Hi
Sounds logical. However, I've seen that the user sl-abde has written a plugin with the needed functionality (http://forum.java.sun.com/thread.jspa?threadID=5062375). Unfortunately the Sun forums do not offer the possibility to contact a user directly, so I cannot ask for the code (can anyone help me?). I could possibly write the plugin myself, but if someone did it already... Is there a community code repository?
Any ideas / suggestions would be highly appreciated.
harry
# 4
Have you tried to add a reply to the thread mentioned below, asking for access to the code?
There is no community code repository as far as I know.
How many people think it would be a good idea to have such a repository for Sun Directory Server?
How many would be ready to contribute plug-in code? Under which licence?
Regards,
Ludovic.