HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

251

252

253

254

255

256

257

258

259

260

timeofday = "1200";

• The bind rule is evaluated to be true if the client is accessing the directory at any time other

than 1 a.m.

timeofday != "0100";

• The bind rule is evaluated to be true if the client is accessing the directory at any time after

8 a.m.

timeofday > "0800";

• The bind rule is evaluated to be true if the client is accessing the directory at any time before

6 p.m.

timeofday < "1800";

• The bind rule is evaluated to be true if the client is accessing the directory at 8 a.m. or later.

timeofday >= "0800";

• The bind rule is evaluated to be true if the client is accessing the directory at 6 p.m. or earlier.

timeofday <= "1800";

• The bind rule is evaluated to be true if the client is accessing the directory on Sunday,

Monday, or Tuesday.

dayofweek = "Sun, Mon, Tue";

6.4.9 Defining access based on authentication method

You can set bind rules that state that a client must bind to the directory using a specific

authentication method. There are four available authentication methods:

• None

Authentication is not required. This is the default. It represents anonymous access.

• Simple

The client must provide a user name and password to bind to the directory.

• SSL

The client must bind to the directory over a Secure Sockets Layer (SSL) or Transport Layer

Security (TLS) connection, using a client certificate for authentication.

In the case of SSL, the connection is established to the LDAPS second port; in the case of

TLS, the connection is established through a Start TLS operation. In both cases, a certificate

must be provided. For information on setting up SSL, see Chapter 12 “Managing SSL”.

• SASL

The client must bind to the directory over a Simple Authentication and Security Layer (SASL)

connection. Directory Server supports three SASL mechanisms: EXTERNAL,

CRAM-MD5,DIGEST-MD5, and GSS-API (for Kerberos systems). For information on setting

up SASL, see Chapter 13 “Managing SASL”.

NOTE:

You cannot set up authentication-based bind rules through the Access Control Editor.

The LDIF syntax for setting a bind rule based on an authentication method is as follows:

authmethod = "sasl_mechanism

Where sasl_mechanism can be none, simple, ssl, or "saslsasl_mechanism".

254 Managing access control