
Re: View or filter based on ldaps://FQDN



Howard Chu wrote:
> Ronie Gilberto Henrich wrote:
>> Hello,
>>
>> I need to be able to restrict ldap ou's access based on the ldaps://FQDN used to query the ldap server.
>> Let's say I have the following in my ldap server:
>> ou=domain
>>      ou=raincoatcompany.com
>>      ou=umbrellacompany.com
>>
>> Considering that both ldap.raincoatcompany.com and ldap.umbrellacompany.com are resolving to IP address 10.0.0.10
>> So, querying the ldap server using ldaps://ldap.raincoatcompany.com/ou=domain should grant access only to the following:
>> ou=domain
>>      ou=raincoatcompany.com
>>
>>
>> Is there any way to accomplish that with OpenLDAP?
>
> Not possible. slapd only sees the IP address of the incoming connection; it has no way to know what DNS name was used to resolve to that address.
>
Is it possible to allow access to a specific dn only by a specific client IP address?
i.e.:
access to dn.exact="ou=domain,ou=raincoatcompany.com"
    by clientIP=200.200.0.117 read
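
An added example, not part of the thread and not the OpenLDAP project's own text: a slapd.conf access rule using the `peername.ip` form that slapd.access(5) defines for matching the client's source address. The suffix `dc=example,dc=com` and the service account DN are assumptions; the client IP is the one from the message above.

```conf
# slapd.conf ACL fragment (added example; not from the thread).
#
# Assumption: the database suffix is dc=example,dc=com, so the subtree shown
# in the thread lives at ou=raincoatcompany.com,ou=domain,dc=example,dc=com.
# Assumption: cn=raincoat-reader,ou=services,dc=example,dc=com is a
# hypothetical service account used by the client at 200.200.0.117.

# slapd checks "access to" clauses in order and stops at the first one whose
# <what> matches the entry, so this clause must come before broader ones.
access to dn.subtree="ou=raincoatcompany.com,ou=domain,dc=example,dc=com"
    # All conditions on one "by" line must hold together:
    #   dn.exact    - the identity the client bound as
    #   peername.ip - the source address slapd sees on the connection
    #   ssf=128     - minimum security strength, so a cleartext session fails
    by dn.exact="cn=raincoat-reader,ou=services,dc=example,dc=com" peername.ip=200.200.0.117 ssf=128 read
    # Anyone else, including the same DN from another address, gets nothing.
    by * none

# Variant for a client subnet instead of a single host (address%netmask):
#   by peername.ip=200.200.0.0%255.255.255.0 read
```

The address slapd matches is the one on the TCP connection, so clients behind a NAT gateway or proxy all appear as that gateway's address; pairing `peername.ip` with a bind DN keeps the rule from resting on source address alone.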