
Re: Restricting access based on IP Address



kevin sullivan wrote:
> Hi,
>
> I am running an OpenLDAP server version 2.4.23 and I would like to restrict a
> user from connecting unless they are connecting via an ldapi connection or
> localhost. Specifically, I would like to only let the rootdn manage things
> from localhost or from an ldapi connection, which ensures that they are on
> localhost. I do not want to prevent other users from connecting to my LDAP
> server via an ldaps connection from anywhere on the network.

rootdn ignores all access controls.

> Is this possible? I have read a good bit about access control directives, but
> I haven't seen what I am looking for. I am guessing that what I am looking for
> probably deals with 'sockname' or 'sockurl', but I don't know how to use those
> statements to properly configure slapd.
>
> Thanks,
>
> Kevin


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
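
Because the rootdn bypasses access directives, one way to get the behaviour asked for is to administer through an ordinary entry that ACLs do apply to. The slapd.conf fragment below is an added example, not part of the original thread; the suffix dc=example,dc=com and the entry cn=ldapadmin are hypothetical, and it assumes the rootdn is given no usable password (no rootpw line).

```conf
# Added example for a slapd 2.4 database section (hypothetical names).
suffix  "dc=example,dc=com"

# The rootdn is never checked against "access" directives, so no rule
# below can confine it. Assumption: no rootpw is configured, so the
# rootdn has no config-file password for simple binds.
rootdn  "cn=root,dc=example,dc=com"

# 1. Only connections that arrived over ldapi:// or from 127.0.0.1 may
#    authenticate as the admin entry. A bind is evaluated as "anonymous"
#    needing "auth" on userPassword, so remote binds as this DN fail.
#    Everyone else, including the admin itself, gets no access to the
#    attribute through this rule.
access to dn.exact="cn=ldapadmin,dc=example,dc=com" attrs=userPassword
    by anonymous sockurl.regex="^ldapi://" auth
    by anonymous peername.ip=127.0.0.1 auth
    by * none

# 2. Grant the admin entry "manage" only when the same local-connection
#    conditions hold. Fields inside one "by" clause are ANDed.
#    "by * break" passes every other identity on to the rules that
#    follow, so ordinary users connecting over ldaps:// are unaffected.
access to *
    by dn.exact="cn=ldapadmin,dc=example,dc=com" sockurl.regex="^ldapi://" manage
    by dn.exact="cn=ldapadmin,dc=example,dc=com" peername.ip=127.0.0.1 manage
    by * break

# 3. The site's existing access rules for regular users follow here.
```

Directives are matched in order, so these two rules have to appear before any broader rule that covers the same entries.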