Description of problem:
Section 6.4.9 is confusing regarding the use of authmethod="ssl". This bind rule reads as if it performs a similar function to the "ssf" ACI option in openssl - limiting operations based on the encryption being used. See Bug 436979 for reference. I recommend making the description clearer in the admin guide, or at least adding an "info" box describing authmethod="ssl" as in comment 1 from bug 436979:
> I guess the documentation is not clear. The authmethod keyword is for
> authentication method e.g. what credentials and what mechanism did the user
> present to authenticate to the directory. "ssl" means that the user provided a
> user certificate (or smart card, or some other pki device) to authenticate to
> the directory.
>
> Unfortunately, there is no way, using access control, to specify that the
> connection must have a certain level of protection. For example, with openldap,
> you can say ssf=56 meaning the connection must have SSF level 56 or higher to
> connect (e.g. TLS/SSL or SASL using DES).
Tried to clarify both the initial introduction and the example text:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method

This is live for 8.1 and will soon be in 8.0. Closing.