[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: size limit by ip?

Patrick Radtke wrote:
Is it possible to control the size limit based on the ip address?

man slapd.conf

      *limits* <*who*> <*limit*> *[*<*limit*> *[...]]

*The argument *who* can be any of

             anonymous      |   users   |   [dn[.<style>]=]<pattern>   |

Which doesn't look like the 'who' can be an ip address, but I just want to confirm that is the case (since the 'who' in slapd.access support peername.ip and I'm hoping that that the underlying code for both 'who's is the same :)

Basically we have software running on a host that is
unable to authenticate (due to 3rd party software)
and we need to increase the size limits for queries coming from it,
without increasing that limit for all anonymous binds.

Are there alternative ways of doing this?
Possibly setting up a server with back-ldap running, only allowing access from the specific
ip address and letting the back-ldap server bind to real servers as an authorized account?

Or is there a way to map ip address to an identity that can be used in the limits control.

We're running 2.3.24.



Did you try?

Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).