Hi all-
I’m configuring an OpenLDAP server with the Perl Backend. I’ve been able to set permissions for search on one of my backends to lock it down based on IP as follows:
access to dn.sub="dc=alias"
by peername.ip=127.0.0.1 read
by peername.ip=10.181.24.193 read
by peername.ip=10.181.35.243 read
by * none
That makes it that only those IP’s listed can search and get results from that branch.
I now need to do the same type of thing for another branch, but for authentication instead (i.e. only allow auth to occur if coming from an approved IP). I’ve tried the following:
access to dn.sub="dc=mfa"
by peername.ip=127.0.0.1 auth
by peername.ip=10.181.24.193 auth
by * none
But no luck. Any ideas/help? If I can’t do this with an ACL, if I can get the IP address of the request passed in to the bind function in the Perl backend, I can handle the controls there.
-Etan E. Weintraub
Information Security Architect
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
Davis Building Suite 3110B
Phone: 667-208-6309
E-mail: eweintra@jhmi.edu