[Date Prev][Date Next]
RE: distinguish between a intranet user and remote user
you may consider using peername, there's little documentation on it so you
should poke around but here's a sample that i use
access to dn="*,ou=Private,ou=Company,ou=MyDomain" attrs=userpassword
by peername="ip=18.104.22.168:*" write
by peername="ip=22.214.171.124:*" search
by peername="^ip=*" none
which says for the userpassword attribute for this subbranch, I restrict
access to those ips listed. you can use regular expressions too and that
might help (because it'll get very tedious editing this list. let me know if
you discover other alternatives too.
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of M.Raghu Babu
Sent: Friday, November 02, 2001 1:03 AM
Subject: distinguish between a intranet user and remote user
Is it possible that I can distinguish between a local user(in my company
Lan) accessing ldap and others(possible outside my company Lan). I dont
to give the outside user to access some sensitive data. Is there any way to
provide acl to recognise the ipaddress to distinguish between the local user
and the remote user. Is there anything like IP/Subnet verification.
Hoping for a solution.
Thanks & Regards