Table of Contents
Advertisement
Bind Rules
•
SSL
The client must bind to the directory over a Secure Sockets Layer (SSL) or
Transport Layer Security (TLS) connection.
In the case of SSL, the connection is established to the LDAPS second port; in
the case of TLS, the connection is established through a Start TLS operation.In
both cases, a certificate must be provided. For information on setting up SSL,
see Chapter 11, "Managing SSL."
•
SASL
The client must bind to the directory over a Simple Authentication and
Security Layer (SASL) connection. Note that Directory Server does not provide
a SASL module.
You cannot set up authentication-based bind rules through the Access Control
Editor.
The LDIF syntax for setting a bind rule based on an authentication method is as
follows:
authmethod = "authentication_method"
where
Examples
The following are examples of the
authmethod = "none";
Authentication is not checked during bind rule evaluation.
authmethod = "simple";
The bind rule is evaluated to be true if the client is accessing the directory using
a username and password.
authmethod = "ssl";
The bind rule is evaluated to be true if the client authenticates to the directory
using a certificate over LDAPS. This is not evaluated to be true if the client
authenticates using simple authentication (bind DN and password) over ldaps.
authmethod = "sasl DIGEST-MD5";
The bind rule is evaluated to be true if the client is accessing the directory using
the SASL DIGEST-MD5 mechanism. The other supported SASL mechanism is
EXTERNAL.
220
Netscape Directory Server Administrator's Guide • January 2002
is
authentication_method
,
,
, or
none
simple
ssl
keyword:
authmethod
"sasl sasl_mechanism"
.
Advertisement
Table of Contents
