Is it possible to control the size limit based on the ip address?
man slapd.conf
*limits* <*who*> <*limit*> *[*<*limit*> *[...]]
*The argument *who* can be any of
anonymous | users | [dn[.<style>]=]<pattern> |
group[/oc[/at]]=<pattern>
Which doesn't look like the 'who' can be an ip address,
but I just want to confirm that is the case (since the 'who' in
slapd.access support peername.ip and I'm hoping that
that the underlying code for both 'who's is the same :)
Basically we have software running on a host that is
unable to authenticate (due to 3rd party software)
and we need to increase the size limits for queries coming from it,
without increasing that limit for all anonymous binds.
Are there alternative ways of doing this?
Possibly setting up a server with back-ldap running, only allowing
access from the specific
ip address and letting the back-ldap server bind to real servers as an
authorized account?
Or is there a way to map ip address to an identity that can be used in
the limits control.
We're running 2.3.24.
thanks,
Patrick