[Date Prev][Date Next] [Chronological] [Thread] [Top]

size limit by ip?

To: openldap-software@openldap.org
Subject: size limit by ip?
From: Patrick Radtke <phr2101@columbia.edu>
Date: Tue, 04 Dec 2007 11:29:24 -0700
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Is it possible to control the size limit based on the ip address?

man slapd.conf

      *limits* <*who*> <*limit*> *[*<*limit*> *[...]]

*The argument *who* can be any of

		     anonymous	  |   users   |   [dn[.<style>]=]<pattern>   |
		     group[/oc[/at]]=<pattern>


Which doesn't look like the 'who' can be an ip address,
but I just want to confirm that is the case (since the 'who' in
slapd.access support peername.ip and I'm hoping that
that the underlying code for both 'who's is the same :)

Basically we have software running on a host that is
unable to authenticate (due to 3rd party software)
and we need to increase the size limits for queries coming from it,
without increasing that limit for all anonymous binds.

Are there alternative ways of doing this? Possibly setting up a server with back-ldap running, only allowing access from the specific ip address and letting the back-ldap server bind to real servers as an authorized account?

Or is there a way to map ip address to an identity that can be used in the limits control.

We're running 2.3.24.

thanks,

Patrick

Follow-Ups:
- Re: size limit by ip?
  - From: Gavin Henry <ghenry@suretecsystems.com>
- Re: size limit by ip?
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: custom schema oddness?
Next by Date: Re: 2.4.6 prov/con, delta-syncrepl and auditContext
Index(es):
- Chronological
- Thread