[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: View or filter based on ldaps://FQDN

Erwann Abalea wrote:
Can't SNI support be added?

Perhaps. It depends on which version of TLS library is being used.


Le 14 janv. 2012 13:08, "Howard Chu" <hyc@symas.com <mailto:hyc@symas.com>> a
Ãcrit :
 > Ronie Gilberto Henrich wrote:
 >> Hello,
 >> I need to be able to restrict ldap ou's access based on the ldaps://FQDN
used to query the ldap server.
 >> Let say I have the following in my ldap server:
 >> ou=domain
 >>     ou=raincoatcompany.com <http://raincoatcompany.com>
 >>     ou=umbrellacompany.com <http://umbrellacompany.com>
 >> Considering that both ldap.raincoatcompany.com
<http://ldap.raincoatcompany.com> and ldap.umbrellacompany.com
<http://ldap.umbrellacompany.com> are resolving to IP address
 >> So, querying the ldap server using
<http://ldap.raincoatcompany.com/ou=domain> should grant access only to the
 >> ou=domain
 >>     ou=raincoatcompany.com <http://raincoatcompany.com>
 >> Is there any way to accomplish that with OpenLDAP?
 > Not possible. slapd only sees the IP address of the incoming connection, it
has no way to know what DNS name was used to resolve to that address.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/