Re: ACL Question: a group of peernames ?
On Mon, 3 Dec 2001, Markus Benning wrote:
> Hi everyone,
> I'm searching for a way to limit access to a list of hosts.
> Is it possible to have a group of hostnames and/or IPs in
> the LDAP tree and limit access to hosts in that group?
> Another way would be to generate iptables rules out of
> the LDAP directory with a little script.
> But this is not the perfect way.
That seems like a pretty good way:
1) The access control is done in the kernel, so slapd isn't
bothered by attacks;
2) Your script can be server-independent (e.g. could work with
some other LDAP server implementation);
3) Your script can run in the firewall, rather than on your LDAP
4) Your access control can be more dynamic, responding to changes
in your LDAP directory content -- AFAIK ACLs can't be
changed at runtime.
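
The script approach discussed in this thread, as an added example that is not part of the original messages: it turns host entries exported from the directory into an iptables-restore fragment for the LDAP port. The `ipHostNumber` attribute, the `LDAP-IN` chain name, the `ou=ldapclients` subtree and the sample entries are assumptions made for illustration. Directory values are parsed as IPv4 networks before they reach a rule, so a malformed or hostile entry is rejected instead of becoming rule text.

```python
import base64
import ipaddress
import sys

# Constructed sample: LDIF as exported from the directory (e.g. ldapsearch -LLL).
# Using ipHostNumber (RFC 2307 ipHost) for the allow-list is an assumed schema.
SAMPLE_LDIF = """\
dn: cn=web1,ou=ldapclients,dc=example,dc=com
ipHostNumber: 192.0.2.10

dn: cn=lab,ou=ldapclients,dc=example,dc=com
ipHostNumber: 198.51.100.0/28

dn: cn=mail1,ou=ldapclients,dc=example,dc=com
ipHostNumber:: MjAzLjAuMTEzLjc=

dn: cn=bogus,ou=ldapclients,dc=example,dc=com
ipHostNumber: 192.0.2.99 -j ACCEPT
"""

def allowed_networks(ldif, attr="ipHostNumber"):
    """Return (sorted IPv4 networks, rejected raw values) found in LDIF text."""
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines as "\n "
    nets, rejected = set(), []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        try:
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("ascii")
            nets.add(ipaddress.IPv4Network(value.strip(), strict=False))
        except ValueError:  # not an address: never copy it into a rule
            rejected.append(value.strip())
    return sorted(nets), rejected

def render_rules(nets, port=389):
    """Emit an iptables-restore fragment: accept listed sources, drop the rest."""
    if not nets:  # a failed or empty directory query must not lock everyone out
        raise ValueError("no valid hosts; refusing to generate rules")
    lines = ["*filter", ":LDAP-IN - [0:0]"]
    lines += [f"-A LDAP-IN -s {n} -p tcp --dport {port} -j ACCEPT" for n in nets]
    lines += [f"-A LDAP-IN -p tcp --dport {port} -j DROP", "COMMIT"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = allowed_networks(SAMPLE_LDIF)
    print(f"# rejected: {rejected!r}", file=sys.stderr)
    print(render_rules(nets), end="")
```

The output is meant to be loaded with `iptables-restore --noflush`, with a jump from `INPUT` to the `LDAP-IN` chain already in place; rerunning the script on a schedule picks up directory changes.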