On Jun 16, 2008, at 8:49 AM, Rich Megginson wrote: > Dael Maselli wrote: >> Hi all, >> >> is there any method to deny simple bind operation unless in a secure >> channel (SSL or STARTTLS)? > No. This relates to another requested feature, which is the ability > to deny anonymous bind or other anonymous operations. I would like > to get some requirements for such a feature. > * allow simple bind/anonymous operations only over a secure channel? > * allow simple bind/anonymous operations for certain hosts/ip > addresses? > * allow only certain anonymous operations, like startTLS and the > password change extop? others? > * other access control features related to the above? >> Do I have to write a plug-in? Hints? > Yes, at this point it would have to be a plug-in, most likely a bind > pre-op plug-in. I have a bind pre-op plugin that meets the first two requirements; I would be happy to share it with anyone interested. Thanks, --Gary -- Gary Windham Senior Enterprise Systems Architect The University of Arizona, UITS +1 520 626 5981
