Re: Filter a ldap connection for a user coming from an IP source
Thank you for your answer. I've implemented this solution and started slapd with -d 256 to make sure of the incoming IP address. Unfortunately this solution doesn't work.
> From: Kyle Smith <email@example.com>
>To: Mik J <firstname.lastname@example.org>
>I can't find specifics on how it works, but the acls contain a "set" command so something like:
>access to <what>
> by set="dn=[uid=myadmin,ou=people,dc=mydomain,dc=org] & peername.ip=126.96.36.199" read
>might work for you, although I don't know the actual syntax or if this is how it was meant to be used.
>The ACL reference is here: http://www.openldap.org/doc/admin24/access-control.html
>2012/10/4 Mik J <email@example.com>
>>I have this ACL that allows the user myadmin to list encrypted passwords
>>access to attrs=userpassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
>> by dn="uid=myadmin,ou=people,dc=mydomain,dc=org" read
>>However this user myadmin is supposed to come from one IP 188.8.131.52 only.
>>I think that the peername directive might help to achieve this task but I don't know how to associate it with the user myadmin.
>>In conclusion I would like that the user myadmin coming from IP 184.108.40.206 be able to see the encrypted passwords.
>>If the user myadmin comes from another IP like 220.127.116.11 he would not match the ACL and therefore not be able to see encrypted passwords.
>>Does anyone know what the syntax is?
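
An added example, not part of the original thread: in slapd.access(5) several `<who>` terms may appear on one `by` line and all of them must match, so the DN and `peername.ip` can be combined without a set. The three trailing `by` clauses and the use of slapd.conf format (rather than cn=config) are assumptions.

```conf
# Added example (slapd.conf format); not taken from the thread.
#
# The DN and the source address sit on the same "by" line, so both must
# match before read access is granted. A bind as myadmin from any other
# address fails this clause and falls through to the clauses below it.
#
# The last three "by" clauses are assumed defaults: keep whatever the
# site already uses there. "by anonymous auth" is what lets binds work
# against userPassword; "by * none" makes the final deny explicit.
#
# Comments are kept above the directive on purpose: slapd.conf joins
# continuation lines before it strips comments, so a comment placed
# between the "by" lines would break the ACL.
access to attrs=userPassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
    by dn.exact="uid=myadmin,ou=people,dc=mydomain,dc=org" peername.ip=188.8.131.52 read
    by self write
    by anonymous auth
    by * none
```

`peername.ip` is compared with the TCP peer address slapd itself sees, which is the address logged when running with `-d 256` as in the reply above; a proxy or NAT device in front of the server changes that address. ACLs are evaluated in order, so this rule has to come before any broader rule covering the same attributes.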