Re: Limit which database is reachable on which port (slapd is listening on)?
- To: Karsten Heymann <karsten.heymann@gmail.com>
- Subject: Re: Limit which database is reachable on which port (slapd is listening on)?
- From: John Lewis <oflameo2@gmail.com>
- Date: Mon, 19 Jun 2017 20:02:12 -0400
- Cc: openldap-technical@openldap.org
- In-reply-to: <CAL017hAP=deV198PrBvRy4dA7tEQ+A_tiTaL7hoD23oGaLiAwg@mail.gmail.com>
- References: <CAL017hD3vjRVYL1cKxhZggvt18pPUaC9PAyXcHCTdjzp7QndBw@mail.gmail.com> <WM!a8b90e2e2f2939888239ca5ebe0e7ea040b47e169d02742f63bb69b8524aa7d810edc144416bf8c95ebd96dda6c3f69b!@mailstronghold-3.zmailcloud.com> <0ffbedf6-bc81-65cb-63e7-c73de6c58ca6@symas.com> <CAL017hAP=deV198PrBvRy4dA7tEQ+A_tiTaL7hoD23oGaLiAwg@mail.gmail.com>
On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote:
> Hi Howard,
>
> perfect, thank you. I missed that one, I searched the documentation
> for "port", "listen" and "limit" but didn't think about the socket
> term. I guess for URLs it's sockurl, sockname seems to be meant for the
> socket (file) name.
>
> Best regards
> Karsten
>
> 2017-06-19 15:48 GMT+02:00 Howard Chu <hyc@symas.com>:
> > Karsten Heymann wrote:
> >>
> >> Hi,
> >>
> >> short question: If I configure slapd to listen to several ports and
> >> have several databases configured, is there a way to limit which
> >> database is visible on which port? I want to use a single slapd
> >> instance to serve multiple databases (slapd-meta instances to be
> >> exact) and for each database want to use a dedicated listening port,
> >> somehow like port-based virtual hosts in the apache web server. The
> >> reason is that I want to define different firewall rules for the
> >> different databases. Is this possible with openldap?
> >
> >
> > Read the slapd.access(5) manpage, use an ACL specifying sockname=xxx for the
> > local port identifier.
> >
> >> Best regards
> >> Karsten
> >>
> >>
> >
> >
> > --
> > -- Howard Chu
> > CTO, Symas Corp. http://www.symas.com
> > Director, Highland Sun http://highlandsun.com/hyc/
> > Chief Architect, OpenLDAP http://www.openldap.org/project/
>
Sorry to hijack this thread, but is there any way to limit which database
is reachable on the same port based on the domain the incoming connection
is trying to use, like name-based virtual hosting in the apache web
server? I want to make the interfaces as friendly as possible without
wasting IPv4 addresses.
Does the <dnstyle> directive have anything to do with it?
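
The per-listener restriction from the quoted reply (an ACL on `sockname`, per slapd.access(5)), written out as an added slapd.conf example that is not part of the original thread. The suffixes, backend URIs and ports are constructed, and the `IP=<address>:<port>` form of the sockname value is an assumption to confirm against the listener name slapd logs in its ACCEPT lines.

```conf
# Added example, not from the thread. Assumes slapd was started with two
# listeners, e.g.:  slapd -h "ldap://:1389/ ldap://:2389/"
# Suffixes, backend URIs and port numbers below are constructed.

# Database A: reachable only through the listener on port 1389.
database  meta
suffix    "dc=a,dc=example"
uri       "ldap://backend-a.example/dc=a,dc=example"
# sockname is the local (listener) address of the connection; the regex
# anchors on the port so any local IP bound to :1389 matches.
access to *
    by sockname.regex="^IP=.*:1389$" read
    by * none

# Database B: reachable only through the listener on port 2389.
database  meta
suffix    "dc=b,dc=example"
uri       "ldap://backend-b.example/dc=b,dc=example"
access to *
    by sockname.regex="^IP=.*:2389$" read
    by * none
```

ACLs are not evaluated for a database's rootdn, so a configured rootdn stays usable on every listener. A client on the wrong port is refused by the final `by * none` clause, which lets the firewall rules for each port map to exactly one database.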