
Re: Limit which database is reachable on which port (slapd is listening on)?



Hi John,

2017-06-20 2:02 GMT+02:00 John Lewis <oflameo2@gmail.com>:
> On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote:
>> 2017-06-19 15:48 GMT+02:00 Howard Chu <hyc@symas.com>:
>> > Read the slapd.access(5) manpage, use an ACL specifying sockname=xxx for the
>> > local port identifier.

> Sorry to hijack this thread, but is there any way to limit which database
> is reachable on the same port based on the domain the incoming connection
> is trying to use, like name-based virtual hosting in the Apache web
> server? I want to make the interfaces as friendly as possible without
> wasting IPv4 addresses.

Yes, that's a standard LDAP feature. You differentiate between
different databases on the same server by providing different base DNs
when connecting.

Example:
If you have an LDAP server with the databases o=companyA and
o=companyB, you can (and in fact have to) specify which database/tree
you are searching:

ldapsearch -H ldap://<my ldap server>/ -b o=companyA givenName=Bob
ldapsearch -H ldap://<my ldap server>/ -b o=companyB givenName=Alice

will search for Bobs in the companyA database and for Alices in the
companyB database.

Was that your question?

Best regards
Karsten
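
Added illustration, not part of the original message and not slapd's own code: a simplified Python model of how the base DN of a request picks one of the two databases from the example above. The function names and the most-specific-suffix rule are assumptions of this sketch; the client chooses the base DN, so this is routing only, and restricting who may read each tree is left to ACLs as described in slapd.access(5).

```python
import re

# Suffixes taken from the example in the message above.
SUFFIXES = ["o=companyA", "o=companyB"]


def split_rdns(dn):
    """Split a DN into normalized (attribute, value) pairs.

    Simplified: splits on commas not preceded by a backslash and
    compares attribute types and values case-insensitively.
    """
    if not dn.strip():
        return []
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def select_database(base_dn, suffixes=SUFFIXES):
    """Return the configured suffix whose tree contains base_dn, or None."""
    base = split_rdns(base_dn)
    best, best_len = None, -1
    for suffix in suffixes:
        rdns = split_rdns(suffix)
        # The suffix must equal the trailing RDNs of the base DN.
        if len(rdns) <= len(base) and base[len(base) - len(rdns):] == rdns:
            if len(rdns) > best_len:  # prefer the most specific suffix
                best, best_len = suffix, len(rdns)
    return best


if __name__ == "__main__":
    # Constructed sample base DNs.
    for base in ["o=companyA", "ou=People, O=CompanyB", "o=companyC"]:
        print(f"{base!r:28} -> {select_database(base)}")
```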