Re: How to control the BIND operation using ACI
Dear Andrey,

I did not make clear one point here. My exact ACI requirement is like this: I need to deny the bind operation when the connecting DN belongs to a certain group and the request is coming from a certain IP address. How to do it in ACI? More specifically, we have one INTERNET group and one EMAIL group. If a person is in the INTERNET group, he will be allowed to authenticate (BIND) only from the squid proxy server. Similarly, if a person belongs to the EMAIL group, he will be allowed to authenticate (BIND) only from the email server. We are unable to achieve this type of control using ACI. Please help.

regards
murthy

Andrey Ivanov wrote:

You can do it like this, for example:

----------------------------------
aci: (targetattr = "uniqueMember || uidNumber || gidNumber || homeDirectory || loginShell || gecos")(version 3.0; acl "Enable attributes to read for certain ip adresses and to authentified users"; allow (read,search,compare)(((ip="192.168.0.*") or (ip="172.16.191.*") or (ip="192.168.1.15") or (ip="172.16.126.1")) and (userdn="ldap:///all"));)
------------------------------------

Or you can simply use iptables...

2008/5/8 C.S.R.C.Murthy <murthy@xxxxxxxxxxx>:

Hello all,

I am using directory server for squid ldap authentication. Squid takes username/password, binds the directory server and if the BIND operation is successful it allows the user through proxy. My problem is how to specify an ACI so that the BIND operation is allowed only from a certain IP address? ACI allows me to restrict READ/SEARCH/WRITE operations but not the BIND operation. Please help.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
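
A simplified model of how the ACI quoted in this thread decides a request, added here as an example; it is not part of either poster's message and not the directory server's own evaluator. It assumes a trailing `*` in an `ip` pattern matches any final octet, and the sample DN and requests are constructed.

```python
import ipaddress
from fnmatch import fnmatchcase

# Values copied from the ACI quoted in the thread.
TARGET_ATTRS = {"uniquemember", "uidnumber", "gidnumber",
                "homedirectory", "loginshell", "gecos"}
RIGHTS = {"read", "search", "compare"}
IP_PATTERNS = ["192.168.0.*", "172.16.191.*", "192.168.1.15", "172.16.126.1"]


def ip_clause(client_ip):
    """(ip="..." or ip="..." ...): true if any pattern matches the client."""
    ipaddress.IPv4Address(client_ip)  # reject malformed input before matching
    return any(fnmatchcase(client_ip, p) for p in IP_PATTERNS)


def userdn_all(bound_dn):
    """userdn="ldap:///all": any authenticated identity, not anonymous."""
    return bool(bound_dn)


def aci_grants(client_ip, bound_dn, right, attr):
    """True when this one ACI grants `right` on `attr` for the request."""
    in_scope = right in RIGHTS and attr.lower() in TARGET_ATTRS
    return in_scope and ip_clause(client_ip) and userdn_all(bound_dn)


def demo():
    # Constructed sample requests: (client IP, bound DN, right, attribute).
    user = "uid=jdoe,ou=People,dc=example,dc=com"
    requests = [
        ("192.168.0.44", user, "search", "uidNumber"),
        ("192.168.1.15", user, "read", "homeDirectory"),
        ("192.168.1.16", user, "read", "homeDirectory"),  # IP not listed
        ("192.168.0.44", "", "search", "uidNumber"),      # anonymous
        ("192.168.0.44", user, "read", "userPassword"),   # attr not targeted
        ("192.168.0.44", user, "write", "loginShell"),    # right not granted
    ]
    return [aci_grants(*r) for r in requests]


if __name__ == "__main__":
    print(demo())
```

The rule only ever answers for the read, search and compare rights on the six listed attributes, which is the scope its `allow (...)` and `targetattr` clauses give it.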