Defining Access Based On Authentication Method; Examples - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

Defining Access Based on Authentication
Method
You can set bind rules that state that a client must bind to the directory using a
specific authentication method. The authentication methods available are:
• None—Authentication is not required. This is the default. It represents
anonymous access.
• Simple—The client must provide a user name and password to bind to the
directory.
• SSL—The client must bind to the directory over a Secure Sockets Layer (SSL) or
Transport Layer Security (TLS) connection.
In the case of SSL, the connection is established to the LDAPS second port; in
the case of TLS, the connection is established through a Start TLS operation.In
both cases, a certificate must be provided. For information on setting up SSL,
see Chapter 11, "Managing SSL."
• SASL—The client must bind to the directory over a Simple Authentication and
Security Layer (SASL) connection. Note that Directory Server does not
provide a SASL module.
You cannot set up authentication-based bind rules through the Access Control
Editor.
The LDIF syntax for setting a bind rule based on an authentication method is as
follows:
authmethod = "authentication_method"
where
authentication_method

Examples

The following are examples of the
authmethod = "none";
Authentication is not checked during bind rule evaluation.
authmethod = "simple";
The bind rule is evaluated to be true if the client is accessing the directory using
a username and password.
is , , , or
none simple ssl
authmethod
"sasl sasl_mechanism"
keyword:
Chapter 6 Managing Access Control
Bind Rules
.
229