On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote:
Hi Howard,
Perfect, thank you. I missed that one. I searched the documentation for "port", "listen" and "limit" but didn't think about the socket term. I guess for URLs it's sockurl; sockname seems to be meant for the socket (file) name.
Best regards Karsten
2017-06-19 15:48 GMT+02:00 Howard Chu hyc@symas.com:
Karsten Heymann wrote:
Hi,
Short question: If I configure slapd to listen to several ports and have several databases configured, is there a way to limit which database is visible on which port? I want to use a single slapd instance to serve multiple databases (slapd-meta instances to be exact) and for each database want to use a dedicated listening port, somehow like port-based virtual hosts in the Apache web server. The reason is that I want to define different firewall rules for the different databases. Is this possible with OpenLDAP?
Read the slapd.access(5) manpage, use an ACL specifying sockname=xxx for the local port identifier.
Best regards Karsten
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Sorry to hijack this thread, but is there any way to limit which database is reachable on the same port based on the domain the incoming connection is trying to use, like name-based virtual hosting in the Apache web server? I want to make the interfaces as friendly as possible without wasting IPv4 addresses.
Does the <dnstyle> directive have anything to do with it?