granting/denying access based on client ip address
Hi, everybody,
Is there a way to grant/deny access to your LDAP server
based on client IP address?
I wanted to block machine 192.168.200.161 from
accessing the LDAP server:
access to *
by addr="192.168.200.161" none
But I could still retrieve information by running
ldapsearch on machine 192.168.200.161, using the
rootdn to bind to the LDAP server.
Let's say I only wanted machines 192.168.200.121 and
192.168.200.156 to be able to access the LDAP server;
all other machines should be denied access.
What are the ACLs?
Let's say I wanted to block network 192.168.201.0 and allow
access for network 192.168.205.0.
What are the ACLs?
A quote: "TCP-Wrappers is another security enhancement
package. The theory is that you take programs being
run under inetd (see /etc/inetd.conf) and before you
run the program to do the real work (ftpd, telnetd,
etc...), you first run the connection attempt through
a package that checks to see if the IP address of the
source packet is coming from a host known to be either
good or bad (you may filter connection attempts by
source host name, domain name, raw IP address, port
they are attempting to connect to; and either allow
known good connections through thus refusing unknown
connections, or accept all connections except those
known to be bad)."
TCP-Wrappers is not such a good idea, since it means
that you don't have a standalone slapd daemon, and thus
performance goes down.
Thanks in advance.
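
An added example, not part of the original post: one way to write the two requests above as slapd.conf ACLs, assuming the peername.ip style documented in slapd.access(5) for current OpenLDAP releases. The /24 netmasks and the access levels are assumptions, since the post gives neither.

```conf
# Added example, not from the original post. Assumes slapd.conf and the
# peername.ip style from slapd.access(5); the /24 masks and the "read"
# level are assumptions.
#
# The rootdn is never subject to ACLs, so none of these rules stops a
# rootdn bind from a denied host. Blocking that needs a packet filter
# in front of slapd.
# Within one access clause the "by" list is read top-down and the
# first match wins.

# Variant A: only 192.168.200.121 and 192.168.200.156 may proceed.
# "break" passes matching clients on to the access clauses below;
# every other client stops here with no access.
access to *
    by peername.ip=192.168.200.121 break
    by peername.ip=192.168.200.156 break
    by * none

# Variant B (use instead of A): deny 192.168.201.0/24 and let
# 192.168.205.0/24 proceed.
#access to *
#    by peername.ip=192.168.201.0%255.255.255.0 none
#    by peername.ip=192.168.205.0%255.255.255.0 break
#    by * none

# Ordinary rules, reached only by clients that matched a "break" above.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by * read
```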