[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restrict rootdn binds by connection source IP address?

Subject: Re: restrict rootdn binds by connection source IP address?
From: Jonathan Dobbie <jonathan_dobbie@mcad.edu>
Date: Mon, 19 Nov 2007 11:01:33 -0600
Cc: openldap-software@openldap.org
In-reply-to: <Pine.SOC.4.64.0711191147310.26362@toolbox.rutgers.edu>
References: <47417C6C.2090401@altkom.pl> <Pine.SOC.4.64.0711191147310.26362@toolbox.rutgers.edu>


On Nov 19, 2007, at 10:48 AM, Aaron Richton wrote:

Only way to stop rootdn is to stop it from getting in in the first place: tcp wrappers/iptables/etc. Which of course do a lot more than rootdn, though...
On Mon, 19 Nov 2007, Aleksander Adamowski wrote:
Hi!
Knowing that rootdn always bypasses ACLs, is there any other way to restrict BIND operations that use rootdn to certain source IP addresses for clients?
--

I'm new and stupid, but why not just put an admin account in ldap and ditch the rootdn?

Follow-Ups:
- Re: restrict rootdn binds by connection source IP address?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- restrict rootdn binds by connection source IP address?
  - From: Aleksander Adamowski <aleksander.adamowski.openldap@altkom.pl>
- Re: restrict rootdn binds by connection source IP address?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: RE: restrict rootdn binds by connection source IP address?
Next by Date: Re: restrict rootdn binds by connection source IP address?
Index(es):
- Chronological
- Thread