I am running an OpenLDAP server version 2.4.23 and I would like to restrict a user from connecting unless they are connecting via an ldapi connection or localhost. Specifically, I would like to only let the rootdn manage things from localhost or from an ldapi connection, which ensures that they are on localhost. I do not want to prevent other users from connecting to my LDAP server via an ldaps connection from anywhere on the network.

Is this possible? I have read a good bit about access control directives, but I haven't seen what I am looking for. I am guessing that what I am looking for probably deals with 'sockname' or 'sockurl', but I don't know how to use those statements to properly configure slapd.

Thanks,

Kevin