
ACL for IP restriction



In our intraweb we use an openldap server that holds all user-specific
data (including auth information like crypted passwords etc.). All other
machines auth against this ldap server.

I now want to allow a machine from our perimeter net to authenticate against
this ldap server as well. But only this one machine and only with very
limited access.

I'm a bit scared to open the firewall because the perimeter machine
gets full LDAP access to the crypted passwords. So what I was thinking of
was to limit the access based on the machine's IP.

This is what I got so far:

access to
  attrs=userPassword
    by self                            write
    by dn="uid=root,dc=dff,dc=local"   write
    by addr=62.132.127.51              compare
    by addr=172.16.0.0                 compare
    by *                               none

access to
  attrs=emailalias,icq
    by self                            write
    by dn="uid=root,dc=dff,dc=local"   write
    by addr=62.132.127.51              none
    by addr=172.16.0.0                 write
    by *                               none

access to
  *
    by dn="uid=root,dc=dff,dc=local"   write
    by addr=172.16.0.0                 read
    by *                               none
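The same policy written for OpenLDAP 2.2 or later, as an added example rather than the poster's configuration: `addr=` is the old 1.x selector, 2.x uses `peername`, and `peername.ip` takes an optional netmask, which matters because a bare address such as 172.16.0.0 matches only that single host. It assumes the intranet is 172.16.0.0/16 and gives the perimeter host `auth` on userPassword, the lowest level that still lets a simple bind verify the password without being able to read or compare the hash.

```conf
# Added example: OpenLDAP 2.2+ ACL syntax (peername.ip, dn.exact).
# Assumptions: intranet is 172.16.0.0/16; perimeter host is 62.132.127.51.
# Within one "access to" clause the first matching "by" wins, so the
# specific peers are listed before the catch-all "by * none".

# Password hashes: the perimeter host may only *use* them in a bind (auth),
# never read or compare them. Intranet hosts get the same, since only the
# user and the admin ever need to read the stored hash.
access to attrs=userPassword
    by self                                  write
    by dn.exact="uid=root,dc=dff,dc=local"   write
    by peername.ip=62.132.127.51             auth
    by peername.ip=172.16.0.0%255.255.0.0    auth
    by *                                     none

# Mail/ICQ data: intranet may edit it, the perimeter host explicitly gets nothing.
access to attrs=emailalias,icq
    by self                                  write
    by dn.exact="uid=root,dc=dff,dc=local"   write
    by peername.ip=62.132.127.51             none
    by peername.ip=172.16.0.0%255.255.0.0    write
    by *                                     none

# Everything else: readable only from the intranet. The perimeter host is
# not listed here, so it falls through to "by * none": it can bind as a
# user whose DN it already knows, but it cannot search for DNs or read entries.
access to *
    by dn.exact="uid=root,dc=dff,dc=local"   write
    by peername.ip=172.16.0.0%255.255.0.0    read
    by *                                     none
```

With OpenLDAP 2.3 or later, slapacl(8) can exercise these rules offline before the firewall is opened, using its -o peername= option to simulate the client address. Source-address rules only hold if the firewall also guarantees that nothing but that one host can reach the LDAP port from outside, since slapd trusts the peer address as presented.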

Can you guys please comment on this?
Thanx in advance
--
Torsten