HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

timeofday < "1800";
The bind rule is evaluated to be true if the client is accessing the directory at 8 a.m. or later.
timeofday >= "0800";
The bind rule is evaluated to be true if the client is accessing the directory at 6 p.m. or earlier.
timeofday <= "1800";
The bind rule is evaluated to be true if the client is accessing the directory on Sunday, Monday,
or Tuesday.
dayofweek = "Sun, Mon, Tue";
6.4.9 Defining access based on authentication method
You can set bind rules that state that a client must bind to the directory using a specific authentication
method. There are four available authentication methods:
None
Authentication is not required. This is the default. It represents anonymous access.
Simple
The client must provide a user name and password to bind to the directory.
SSL
The client must bind to the directory over a Secure Sockets Layer (SSL) or Transport Layer
Security (TLS) connection, using a client certificate for authentication.
In the case of SSL, the connection is established to the LDAPS second port; in the case of TLS,
the connection is established through a Start TLS operation. In both cases, a certificate must
be provided. For information on setting up SSL, see “Managing SSL” (page 469).
SASL
The client must bind to the directory over a Simple Authentication and Security Layer (SASL)
connection. Directory Server supports three SASL mechanisms: EXTERNAL,
CRAM-MD5, DIGEST-MD5, and GSS-API (for Kerberos systems). For information on setting
up SASL, see “Managing SASL” (page 499).
NOTE:
You cannot set up authentication-based bind rules through the Access Control Editor.
The LDIF syntax for setting a bind rule based on an authentication method is as follows:
authmethod = "sasl_mechanism"
Where sasl_mechanism can be none, simple, ssl, or "sasl sasl_mechanism".
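The following Python model is an added example, not code from this guide or from Directory Server. It evaluates single bind rules that use the authmethod, timeofday, and dayofweek keywords against a constructed connection record, so the effect of each value can be checked before an ACI is deployed. The function names and the keys of the conn dictionary are assumptions made for this model, and only the = operator is modelled for authmethod and dayofweek.

```python
import operator
import re

# One bind rule in the form shown on this page: keyword operator "value";
RULE = re.compile(r'^\s*(authmethod|timeofday|dayofweek)\s*(<=|>=|<|>|=)\s*"([^"]*)"\s*;\s*$')
TIME_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
            ">=": operator.ge, "=": operator.eq}
HHMM = re.compile(r"([01]\d|2[0-3])[0-5]\d")


def auth_matches(method, conn):
    """Compare an authmethod value with how the client actually bound."""
    method = method.strip().lower()
    if method == "none":      # authentication is not checked
        return True
    if method == "simple":    # user name and password
        return conn["bind"] == "simple"
    if method == "ssl":       # client certificate; a password bind over LDAPS does not count
        return conn["bind"] == "certificate"
    if method.startswith("sasl "):
        mech = method[5:].strip()
        return conn["bind"] == "sasl" and conn.get("sasl", "").lower() == mech
    raise ValueError(f"unknown authmethod value: {method!r}")


def eval_bind_rule(rule, conn):
    """Return True or False for one rule against a connection dict.
    conn keys are names assumed for this model: bind ("anonymous", "simple",
    "certificate", "sasl"), sasl (mechanism), time ("HHMM"), day ("Mon").
    """
    m = RULE.match(rule)
    if not m:
        raise ValueError(f"malformed bind rule: {rule!r}")
    keyword, op, value = m.groups()
    if keyword == "timeofday":
        if not (HHMM.fullmatch(value) and HHMM.fullmatch(conn["time"])):
            raise ValueError("time must be a 4-digit 24-hour string")
        return TIME_OPS[op](int(conn["time"]), int(value))
    if op != "=":
        raise ValueError(f"{keyword} is only modelled with '=' here")
    if keyword == "dayofweek":
        return conn["day"].lower() in {d.strip().lower() for d in value.split(",")}
    return auth_matches(value, conn)


if __name__ == "__main__":
    # Constructed connection: password bind made over LDAPS at 18:00 on a Monday.
    conn = {"bind": "simple", "time": "1800", "day": "Mon"}
    print(eval_bind_rule('authmethod = "ssl";', conn))  # certificate required
```
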
6.4.9.1 Examples
The following are examples of the authmethod keyword:
Authentication is not checked during bind rule evaluation.
authmethod = "none";
The bind rule is evaluated to be true if the client is accessing the directory using a username
and password.
authmethod = "simple";
The bind rule is evaluated to be true if the client authenticates to the directory using a certificate
over LDAPS. This is not evaluated to be true if the client authenticates using simple authentication
(bind DN and password) over LDAPS.