
Re: Filter a ldap connection for a user coming from an IP source



Hello Kyle,

Thank you for your answer. I've implemented this solution and started slapd with -d 256 to make sure of the incoming IP address. Unfortunately this solution doesn't work.
Regards

>From: Kyle Smith <alacer.cogitatus@gmail.com>
>To: Mik J <mikydevel@yahoo.fr>
>
>I can't find specifics on how it works, but the ACLs contain a "set" command so something like:
>
>access to <what>
>     by set="dn=[uid=myadmin,ou=people,dc=mydomain,dc=org] & peername.ip=1.1.1.1" read
>
>might work for you, although I don't know the actual syntax or if this is how it was meant to be used.
>
>The ACL reference is here: http://www.openldap.org/doc/admin24/access-control.html
>
>Kyle
>
>
>2012/10/4 Mik J <mikydevel@yahoo.fr>
>
>>Hello,
>>
>>I have this ACL that allows the user myadmin to list encrypted passwords
>>
>>access to attrs=userpassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
>>        by dn="uid=myadmin,ou=people,dc=mydomain,dc=org" read
>>
>>However this user myadmin is supposed to come from one IP 1.1.1.1 only.
>>I think that the peername directive might help to achieve this task but I don't know how to associate it with the user myadmin.
>>In conclusion I would like that the user myadmin coming from IP 1.1.1.1 be able to see the encrypted passwords.
>>If the user myadmin comes from another IP like 2.2.2.2 he would not match the ACL and therefore not be able to see encrypted passwords.
>>
>>Does anyone know what the syntax is?
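
The restriction asked about in this thread, written as a slapd.conf fragment. This is an added example, not part of the original messages: it relies on the slapd.access(5) rule that several who-fields in a single "by" clause must all match, and the three trailing "by" clauses are assumed typical defaults, not taken from the poster's configuration.

```conf
# Added example, not from the thread.
#
# Weak form (as posted): myadmin can read the hashes from any source address.
#   by dn="uid=myadmin,ou=people,dc=mydomain,dc=org" read
#
# Restricted form: dn and peername.ip sit in the SAME "by" clause, so both
# must match. myadmin connecting from 2.2.2.2 does not match this clause and
# falls through to the clauses below it.
#
# Assumed clauses (not in the original post):
#   "by self write"     lets users change their own password
#   "by anonymous auth" is needed so that simple binds can compare passwords
#   "by * none"         denies everyone else, including myadmin from other IPs
#
# peername.ip is the TCP peer slapd sees: behind a proxy or NAT it is the
# proxy's address, and ldapi:// connections have no IP peername at all.
# Running slapd with -d 128 logs ACL processing and shows which clause matched.
access to attrs=userpassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
        by dn.exact="uid=myadmin,ou=people,dc=mydomain,dc=org" peername.ip=1.1.1.1 read
        by self write
        by anonymous auth
        by * none
```

Rules are evaluated in order, so this only takes effect if no earlier "access to" rule already covers these attributes for myadmin.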