Hi all-

I'm configuring an OpenLDAP server with the Perl Backend. I've been able to
set permissions for search on one of my backends to lock it down based on IP
as follows:

access to dn.sub="dc=alias"
        by peername.ip=127.0.0.1 read
        by peername.ip=10.181.24.193 read
        by peername.ip=10.181.35.243 read
        by * none

That makes it so that only the IPs listed can search and get results from
that branch.

I now need to do the same type of thing for another branch, but for
authentication instead (i.e. only allow auth to occur if coming from an
approved IP). I've tried the following:

access to dn.sub="dc=mfa"
        by peername.ip=127.0.0.1 auth
        by peername.ip=10.181.24.193 auth
        by * none

But no luck. Any ideas/help? If I can't do this with an ACL, if I can get
the IP address of the request passed in to the bind function in the Perl
backend, I can handle the controls there.

-Etan E. Weintraub
Information Security Architect
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Davis Building, Suite 3110B
Baltimore, MD 21209
Phone: 667-208-6309
E-mail: [email protected]
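As an added example (not part of the post above), this is the ACL shape that gates bind access by source address on the standard slapd backends: a simple bind is checked as the `auth` privilege on the `userPassword` attribute, and the clause must precede any broader `access to` line that also matches entries under the branch, because slapd uses only the first matching `to` clause. It assumes a slapd.conf-style configuration and the addresses from the post; whether back-perl consults slapd ACLs at all for a bind handled by its own Perl `bind` method is an open question that should be verified separately.

```conf
# Added example, not from the original post. Privilege levels are ordered
# none < disclose < auth < compare < search < read < write < manage, and a
# simple bind needs "auth" on userPassword of the bind DN's entry.
# Keep this clause above any other "access to" line matching dc=mfa entries;
# slapd stops at the first "to" clause that matches and never reads later ones.
access to dn.subtree="dc=mfa" attrs=userPassword
        by peername.ip=127.0.0.1 auth
        by peername.ip=10.181.24.193 auth
        by * none

# Everything else under dc=mfa: searchable only from the same approved hosts.
access to dn.subtree="dc=mfa"
        by peername.ip=127.0.0.1 read
        by peername.ip=10.181.24.193 read
        by * none
```

The result can be checked offline with slapacl, for example `slapacl -f slapd.conf -o peername=IP=10.181.24.193:12345 -D "uid=test,dc=mfa" -b "uid=test,dc=mfa" userPassword/auth` (the `-o peername=` value format and the test DN are assumptions for this illustration), and repeating it with an unlisted address should report the access as denied.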