ACL for IP restriction
In our intraweb we use an openldap server that holds all user specific
data (including auth information like crypted passwords etc.). All other
machines auth against this ldap server.
I now want to allow a machine from our perimeter net to authenticate against
this ldap server as well. But only this one machine and only with very
limited access.
I'm a bit scared to open the firewall because the perimeter machine
gets full LDAP access to the crypted passwords. So what I was thinking of
was to limit the access based on the machine's IP.
This is what I got so far:
access to attrs=userPassword
        by self write
        by dn="uid=root,dc=dff,dc=local" write
        by addr=62.132.127.51 compare
        by addr=172.16.0.0 compare
        by * none

access to attrs=emailalias,icq
        by self write
        by dn="uid=root,dc=dff,dc=local" write
        by addr=62.132.127.51 none
        by addr=172.16.0.0 write
        by * none

access to *
        by dn="uid=root,dc=dff,dc=local" write
        by addr=172.16.0.0 read
        by * none
Can you guys please comment on this?
Thanx in advance
--
Torsten
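Added example, not part of Torsten's post: a small emulator of slapd's first-match ACL evaluation (first "access to" whose attrs cover the attribute, then the first "by" clause that matches) run over the three rules above, so the result for the perimeter host and for an intranet host can be checked before the firewall is opened. It treats addr= as a regular expression matched against the client IP, as slapd 1.x did; the pattern ^172\.16\. is an assumption about the intended intranet range, since the literal 172.16.0.0 only matches a client at exactly that address.

```python
import re
from dataclasses import dataclass

# slapd privilege levels, lowest to highest; a level implies every lower one
# ("auth" exists from slapd 2.x on; in 1.x a simple bind needs "compare").
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

@dataclass
class Rule:
    attrs: "set[str] | None"   # None stands for "access to *"
    by: "list[tuple[str, str]]"  # ordered (who, level) pairs from the "by" lines

def who_matches(who, bind_dn, client_ip, target_dn):
    """Does one 'by' clause apply to this requester?"""
    if who == "*":
        return True
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    kind, _, pat = who.partition("=")
    pat = pat.strip('"')
    if kind == "dn":
        return bind_dn is not None and bind_dn.lower() == pat.lower()
    if kind == "addr":  # slapd 1.x: addr=<regex>, matched unanchored against the client IP
        return client_ip is not None and re.search(pat, client_ip) is not None
    raise ValueError(f"unsupported who clause: {who}")

def access(rules, attr, bind_dn, client_ip, target_dn):
    """First 'access to' covering attr wins; inside it the first matching 'by' wins."""
    for rule in rules:
        if rule.attrs is None or attr in rule.attrs:
            for who, level in rule.by:
                if who_matches(who, bind_dn, client_ip, target_dn):
                    return level
            return "none"  # no 'by' matched: slapd denies
    return "none"          # no rule matched: slapd denies

def allows(level, needed):
    """True if the granted level is at least the level an operation needs."""
    return LEVELS.index(level) >= LEVELS.index(needed)

ROOT = 'dn="uid=root,dc=dff,dc=local"'

def acl(internal):
    """The three rules from the post; `internal` is the addr= clause for the intranet."""
    return [
        Rule({"userPassword"}, [("self", "write"), (ROOT, "write"),
                                ("addr=62.132.127.51", "compare"), (internal, "compare"), ("*", "none")]),
        Rule({"emailalias", "icq"}, [("self", "write"), (ROOT, "write"),
                                     ("addr=62.132.127.51", "none"), (internal, "write"), ("*", "none")]),
        Rule(None, [(ROOT, "write"), (internal, "read"), ("*", "none")]),
    ]

AS_POSTED = acl("addr=172.16.0.0")       # literal: only a client at 172.16.0.0 matches
ASSUMED_FIX = acl(r"addr=^172\.16\.")    # assumption: the intranet is 172.16.0.0/16

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("subnet regex", ASSUMED_FIX)):
        for ip, attr in (("62.132.127.51", "userPassword"), ("62.132.127.51", "cn"), ("172.16.5.7", "cn")):
            print(f"{name:12} {ip:14} {attr:13} -> {access(rules, attr, None, ip, 'uid=bob,dc=dff,dc=local')}")
```

The perimeter host ends up with compare on userPassword (enough to bind, not enough to read the hashes) and none on everything else; with the literal 172.16.0.0 an intranet host such as 172.16.5.7 also gets none until the pattern covers the subnet.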