
Re: Regarding access control



On Wednesday 12 July 2006 08:26, Nisha P Kurur wrote:
> Greetings!!!
>
> I'm using openldap-2.0.27-8 (which comes along with RedHat 9).

Upgrade!!!!!

Please, both the software and the OS are so outdated that you have many security 
holes and software bugs on your hands; you're wasting your time.

> I'm trying 
> to do IP-based access control to the ldap server. For the same, the rules
> shown below were added to the slapd.conf.
>
> access  to * by peername=10.6.21.*   write
> access  to * by *                    none
>
> Still, all the machines were able to query and display the contents in the
> ldap database. On searching the web, it was given that to do such IP-based
> access control, we have to set up rules in the firewall to block the IPs
> and allow only the required ones. So what does the above access control
> mechanism do (the one with openldap)? Is there any other way to obtain
> the same?
>

On 2.3.x, something like this works for me:

by peername.ip=192.168.12.0%255.255.252.0 read

I don't care to speculate about the 4-year old release you are running.

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

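As an added example (not part of the original thread, and not OpenLDAP code), the following Python model shows what the two ACL styles quoted above actually do when slapd evaluates them: the first `access to` directive whose target matches the entry is the only one consulted, within it the first matching `by` clause wins, and a requestor matched by no `by` clause gets the implicit `by * none`. Peer addresses are matched against the `IP=<addr>:<port>` string slapd reports as the peername. Two things are assumptions rather than facts taken from the thread: that 2.0's `peername=<regex>` form is applied as an unanchored regex to that whole string (the unescaped dots in `10.6.21.*` therefore match any character), and that a request matching no directive at all falls back to `none`. The sample peernames and ACL tables are constructed for the example.

```python
"""Toy model of slapd ACL evaluation for the peername who-clauses in this thread.

Added example, not OpenLDAP's code. It mirrors the documented first-match rule
(first 'access to' whose <what> matches the entry; within it the first 'by'
whose <who> matches the requestor; an unmatched requestor gets the implicit
'by * none') and the two peername styles quoted in the thread.
"""
import ipaddress
import re

# Access levels in increasing order of privilege; a granted level covers every
# level below it (simplified: 'disclose' and the '=' / '+' forms are omitted).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def parse_peername(peername):
    """slapd reports a TCP peer as 'IP=<addr>:<port>'; return the IPv4 address,
    or None for anything else (IPv6 and ldapi:// peers are out of scope here)."""
    m = re.match(r"^IP=(\d{1,3}(?:\.\d{1,3}){3}):\d+$", peername)
    return ipaddress.IPv4Address(m.group(1)) if m else None


def who_matches(who, peername):
    """Evaluate one <who> clause against the peername string.

    ("*",)                -> anyone
    ("peername", regex)   -> 2.0-style 'peername=<regex>': regex applied to the
                             whole 'IP=addr:port' string (assumption: unanchored)
    ("peername.ip", spec) -> 2.3-style 'peername.ip=<ip>[%<mask>]': the peer's
                             address ANDed with <mask> must equal <ip>
    """
    kind = who[0]
    if kind == "*":
        return True
    if kind == "peername":
        return re.search(who[1], peername) is not None
    if kind == "peername.ip":
        addr = parse_peername(peername)
        if addr is None:
            return False
        net, _, mask = who[1].partition("%")
        network = ipaddress.IPv4Network((net, mask or "255.255.255.255"), strict=False)
        return addr in network
    raise ValueError("unsupported who-clause: %r" % (who,))


def decide(acls, peername, default="none"):
    """Return (level, index): the level granted and the 0-based index of the
    directive that decided it, or -1 when no directive matched and `default`
    applied (assumption: 'none'; older releases had a 'defaultaccess' knob).

    `acls` is a list of (what, [(who, level), ...]) in slapd.conf order. Only
    the 'access to *' form is modelled, so every such directive matches.
    """
    for i, (what, by_clauses) in enumerate(acls):
        if what != "*":
            continue
        for who, level in by_clauses:
            if who_matches(who, peername):
                return level, i
        return "none", i  # implicit trailing 'by * none' of the matched directive
    return default, -1


def allowed(acls, peername, requested, default="none"):
    """True if the peer gets at least `requested` access under `acls`."""
    level, _ = decide(acls, peername, default)
    return LEVELS.index(level) >= LEVELS.index(requested)


# Constructed peername strings, in the form slapd itself reports them.
LAN_PEER = "IP=10.6.21.17:40123"
OTHER_PEER = "IP=10.6.99.4:40124"
LOOKALIKE_PEER = "IP=10.6.210.4:40125"  # outside 10.6.21.0/24, but the regex matches

# The two directives exactly as posted in the question (regex style, 2.0).
POSTED_ACLS = [
    ("*", [(("peername", "10.6.21.*"), "write")]),
    ("*", [(("*",), "none")]),  # never reached: the first 'access to *' wins
]

# The same intent written with the peername.ip style from the reply.
IP_STYLE_ACLS = [
    ("*", [(("peername.ip", "10.6.21.0%255.255.255.0"), "write"),
           (("*",), "none")]),
]

if __name__ == "__main__":
    for peer in (LAN_PEER, OTHER_PEER, LOOKALIKE_PEER):
        print(peer, "posted:", decide(POSTED_ACLS, peer),
              "peername.ip:", decide(IP_STYLE_ACLS, peer))
```

Run it and compare the two tables: the second posted directive is never the deciding one (every request is settled by the first `access to *`), and the unescaped regex grants `write` to the look-alike host in 10.6.210.0/24, which the masked `peername.ip` form correctly denies. Note that 2.0's regex form also matched the prefix, so the model does not by itself explain why every host could still read in the original setup; whether the file was reloaded, or an earlier directive catches the entry first, has to be checked on the server.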