
granting/denying access based on client ip address

Hi, everybody

Is there a way to grant/deny access to your LDAP server
based on client IP address?

- ACL
I wanted to block machine 192.168.200.161 from
accessing the LDAP server:

access to *  
 by addr="192.168.200.161" none

But I could still retrieve information by running
ldapsearch on machine 192.168.200.161, by using the
rootdn to bind to the LDAP server.

Let's say I only wanted machines 192.168.200.121 and
192.168.200.156 to be able to access the LDAP server,
and all other machines should be denied access.

What are the ACLs?

Let's say I wanted to block network 192.168.201.0 and allow
access for network 192.168.205.0.

What are the ACLs?

- TCP wrappers:
A quote: "TCP-Wrappers is another security enhancement
package. The theory is that you take programs being
run under inetd (see /etc/inetd.conf) and before you
run the program to do the real work (ftpd, telnetd,
etc...), you first run the connection attempt through
a package that checks to see if the IP address of the
source packet is coming from a host known to be either
good or bad (you may filter connection attempts by
source host name, domain name, raw IP address, port
they are attempting to connect to; and either allow
known good connections through thus refusing unknown
connections, or accept all connections except those
known to be bad)." 

TCP wrappers are not such a good idea since it means
that you don't have a standalone slapd daemon, thus
performance goes down.

thanks in advance.
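An added example, not part of the original post, showing how the three cases asked about above can be written as slapd.conf ACLs. It assumes an OpenLDAP 2.1 or later slapd, which selects on the client address with the `peername.ip=` form (the older `addr=`/`peername=` forms were regex matches), and it reuses the addresses from the post. Two points the post's own attempt runs into: `by` clauses are tried in order and the first match wins, so the specific hosts must come before the catch-all, and the rootdn is never subject to ACLs at all, so binding as rootdn from a "denied" address still succeeds; a ban that must hold against rootdn has to be enforced outside the ACLs, at the host firewall or, if slapd was built with wrappers support, in /etc/hosts.allow.

```conf
# slapd.conf ACL fragments (added example, not the original poster's config).
# Only one "access to *" stanza can be active: slapd stops at the first
# access directive whose <what> matches, so later "access to *" lines are
# never reached. Pick the stanza that fits and leave the others commented.

# Case 1: block a single host, let everyone else read.
# NOTE: a client that binds as rootdn from 192.168.200.161 still gets full
# access, because rootdn bypasses ACLs entirely.
access to *
    by peername.ip=192.168.200.161 none
    by * read

# Case 2: allow only two hosts, deny all other machines.
# The two specific clauses must precede "by * none" (first match wins).
#access to *
#    by peername.ip=192.168.200.121 read
#    by peername.ip=192.168.200.156 read
#    by * none

# Case 3: deny network 192.168.201.0/24, allow network 192.168.205.0/24.
# The %<mask> suffix on peername.ip selects a whole subnet.
#access to *
#    by peername.ip=192.168.201.0%255.255.255.0 none
#    by peername.ip=192.168.205.0%255.255.255.0 read
#    by * none
```

After changing slapd.conf, restart slapd and test from a denied address with an ordinary user DN (or an anonymous bind), not with rootdn; an ldapsearch that returns entries from a denied host while bound as rootdn is the expected rootdn bypass, not an ACL ordering mistake.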
