
Re: View or filter based on ldaps://FQDN



Ronie Gilberto Henrich wrote:
Hello,

I need to be able to restrict ldap ou's access based on the ldaps://FQDN used to query the ldap server.
Let's say I have the following in my ldap server:
ou=domain
     ou=raincoatcompany.com
     ou=umbrellacompany.com

Considering that both ldap.raincoatcompany.com and ldap.umbrellacompany.com are resolving to IP address 10.0.0.10.
So, querying the ldap server using ldaps://ldap.raincoatcompany.com/ou=domain should grant access only to the following:
ou=domain
     ou=raincoatcompany.com


Is there any way to accomplish that with OpenLDAP?

Not possible. slapd only sees the IP address of the incoming connection; it has no way to know what DNS name was used to resolve to that address.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/