
Re: Different tcp wrapper configuration for ldap and ldaps, possible?



You could use iptables/ipchains or whatever packet filtering capability
your OS offers, to limit access to port 389.

Allan

On Mon, 5 May 2003, Bo Gundersen wrote:

> Hi
>
> I have run into a bit of a problem: I have a semi-open OpenLdap server
> which is currently only responding to ldaps, but I would like to open
> the server for non-ssl connections from a very limited number of hosts.
>
> However, I am not sure how to configure this with tcp wrappers. As I
> understand it, OpenLdap checks the hosts.{allow,deny} files with the
> name of the OpenLdap executable and not the name of the actual protocol
> (correct?), and it is therefore impossible to have a very open
> hosts.{allow,deny} for ldaps and a very closed one for ldap.
>
> Is there any way that I can make OpenLdap use the actual protocol for
> lookups into hosts.{allow,deny} instead of the executable name?
> Or do I have to run two different OpenLdap servers to make this work?
>
> Thanks in advance :)
>
>
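
One way to apply the packet-filter suggestion on a Linux host with iptables, as an added example that is not part of the original thread: plain LDAP (389/tcp) is limited to an allowlist while ldaps (636/tcp) is left to the existing tcp wrappers policy. The chain name `LDAP_PLAIN`, the log prefix and the addresses (documentation range 192.0.2.0/24) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: restrict plain LDAP (389/tcp) to a few hosts with iptables.
# Constructed sample allowlist (documentation range), not from the thread.
ALLOWED_HOSTS="192.0.2.10 192.0.2.11 192.0.2.64/28"
CHAIN="LDAP_PLAIN"   # hypothetical chain name

# Accept only dotted-quad IPv4 with an optional /prefix, so that nothing
# else from the allowlist can end up inside a generated firewall command.
valid_ipv4() {
    case $1 in ""|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}
    case $addr in ""|.*|*.|*..*) return 1 ;; esac
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ""|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set. The jump from INPUT is emitted last so the chain is
# complete (allowlist, log, drop) before any traffic is steered into it.
emit_rules() {
    for host in $ALLOWED_HOSTS; do
        valid_ipv4 "$host" || { echo "invalid entry: $host" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for host in $ALLOWED_HOSTS; do
        echo "iptables -A $CHAIN -s $host -j ACCEPT"
    done
    # Log refused cleartext attempts before dropping them.
    echo "iptables -A $CHAIN -j LOG --log-prefix ldap389-denied:"
    echo "iptables -A $CHAIN -j DROP"
    echo "iptables -A INPUT -p tcp --dport 389 -j $CHAIN"
}

# Dry run by default; APPLY=1 (as root) feeds the rules to the shell.
if [ "${APPLY:-0}" = 1 ]; then
    emit_rules | sh
else
    emit_rules
fi
```

Because the jump is appended with `-A INPUT`, it only takes effect if no earlier INPUT rule already accepts port 389; review the existing rule order before applying.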