[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLs: restrict by IP and user

To: openldap-technical@openldap.org
Subject: ACLs: restrict by IP and user
From: Janne Peltonen <janne.peltonen@helsinki.fi>
Date: Wed, 27 Apr 2016 17:23:43 +0300
Content-disposition: inline
User-agent: Mutt/1.5.23 (2014-03-12)

Hi!

I was thinking about giving the users a different set of their own attributes,
depending on whether they accessed the server from a well-known IP address or
not. Is this possible using OpenLDAP? I know how to form a WHO clause to grant
access to self; I know how to form a WHO clause to grant access from a certain
IP address; what I don't know is how to grant access to "self if and only if it
hails from a certain IP address", i.e. so that the given rights would require
both that we're considering "self" and "IP address" at the same time, but if
either doesn't match, then the clause wouldn't apply.

I'be glad if anybody could provide any help upon this. Also a simple "can't be
done" would be appreciated.


--Janne Peltonen
University of Helsinki

Follow-Ups:
- Re: ACLs: restrict by IP and user
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Re: Offline modification in replicated environment
Next by Date: Re: ACLs: restrict by IP and user
Index(es):
- Chronological
- Thread