
RE: distinguish between a intranet user and remote user



You may consider using peername. There's little documentation on it, so you
should poke around, but here's a sample that I use:

access to dn="*,ou=Private,ou=Company,ou=MyDomain" attrs=userpassword
  by peername="ip=153.32.26.125:*" write
  by peername="ip=153.33.22.126:*" search
  by peername="^ip=*" none

which says that for the userpassword attribute for this subbranch, I restrict
access to those IPs listed. You can use regular expressions too, and that
might help (because it'll get very tedious editing this list). Let me know if
you discover other alternatives too.

jm

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of M.Raghu Babu
Sent: Friday, November 02, 2001 1:03 AM
To: openldap-software@OpenLDAP.org
Subject: distinguish between a intranet user and remote user


Hi all,
    Is it possible that I can distinguish between a local user (in my company
LAN) accessing LDAP and others (possibly outside my company LAN)?  I don't
want to give the outside user access to some sensitive data.  Is there any
way to provide an ACL to recognise the IP address to distinguish between the
local user and the remote user?  Is there anything like IP/subnet verification?

  	Hoping for a solution.
Thanks & Regards
M.Raghu Babu
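
The peername values in the reply are regular expressions, so an unescaped "." matches any character and ":*" also matches no colon at all. The Python sketch below is an added example, not part of the thread or of OpenLDAP: it emulates the match on constructed peer strings for a constructed host 10.1.2.3 and extends the idea to a whole subnet, assuming slapd presents clients as IP=<addr>:<port> and searches the pattern unanchored and case-insensitively; host_pattern, subnet_pattern and access_level are hypothetical helpers.

```python
import re

# Assumption: slapd presents an IPv4 client as "IP=<addr>:<port>" and applies
# each peername pattern as an unanchored, case-insensitive regex.
def peername_matches(pattern, peername):
    return re.search(pattern, peername, re.IGNORECASE) is not None

def host_pattern(addr):
    """Anchored pattern for exactly one IPv4 address, any source port."""
    return r"^IP=" + re.escape(addr) + r":[0-9]+$"

def subnet_pattern(prefix):
    """Anchored pattern for a prefix that ends on an octet boundary, e.g. '10.1.2.'."""
    if not prefix.endswith("."):
        raise ValueError("prefix must end with '.' so it stops on an octet boundary")
    missing = 4 - prefix.count(".")          # octets still to be matched
    if missing < 1:
        raise ValueError("prefix already names four octets")
    tail = r"\.".join([r"[0-9]{1,3}"] * missing)
    return r"^IP=" + re.escape(prefix) + tail + r":[0-9]+$"

def access_level(rules, peername):
    """First matching 'by' clause wins; nothing matched means no access."""
    for pattern, level in rules:
        if peername_matches(pattern, peername):
            return level
    return "none"

# Constructed peer strings (not from the thread).
PEERS = ["IP=10.1.2.3:40001", "IP=10.1.2.30:40001", "IP=10.1.253.7:40001",
         "IP=10.1.2.77:40001", "IP=192.0.2.9:40001"]

# Same shape as the ACL in the post, written for the constructed host 10.1.2.3.
LOOSE = [(r"ip=10.1.2.3:*", "write"), (r"^ip=*", "none")]
TIGHT = [(host_pattern("10.1.2.3"), "write"),
         (subnet_pattern("10.1.2."), "search"),
         (r"^IP=", "none")]

def compare():
    """Map each peer to (level under LOOSE rules, level under TIGHT rules)."""
    return {p: (access_level(LOOSE, p), access_level(TIGHT, p)) for p in PEERS}

if __name__ == "__main__":
    for peer, (loose, tight) in compare().items():
        print(f"{peer:22} loose={loose:6} tight={tight}")
```

Under the loose rules, 10.1.2.30 and 10.1.253.7 both receive the write level intended for 10.1.2.3 alone; the anchored, escaped patterns give write only to that host and search to the rest of 10.1.2.x.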