On Tue, 2017-06-20 at 08:23 +0200, Karsten Heymann wrote:
Hi John,
2017-06-20 2:02 GMT+02:00 John Lewis oflameo2@gmail.com:
On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote:
2017-06-19 15:48 GMT+02:00 Howard Chu hyc@symas.com:
Read the slapd.access(5) manpage, use an ACL specifying sockname=xxx for the local port identifier.
Sorry to hijack this thread, but is there anyway to limit which database is reachable on the same port based on domain the in coming connection is trying to use like name based virtual hosting like name based virtual hosting in the apache web server. I want to make the interfaces as friendly as possible without waisting IPv4 addresses.
Yes, that's a standard ldap feature. You differentiate between different databases on the same server by providing different basedns when connecting.
Example: If you have a ldap server with the databases o=companyA and o=companyB, you can (and in fact have to) specify which database/tree you are searching:
ldapsearch -H ldap://<my ldap server>/ -b o=companyA givenName=Bob ldapsearch -H ldap://<my ldap server>/ -b o=companyB givenName=Alive
will search for Bobs in the companyA database and for Alices in the companyB database.
Was that your question?
Best regards Karsten
I know that, but can DNS influence LDAP or are they completely independent and all of the name redirection all the clients responsibility? For example I have two domains stuff.com and junk.net If someone tried to connect to stuff.com of a port that is running stuff.com can it automatically connect them into stuff.com and visa versa or do they need to know where they are going to and would have to see that both sites are running via the DIT and choose which site themselves explicitly?