"Paul B. Henson" henson@acm.org schrieb am 19.11.2020 um 20:28 in Nachricht
3caa7199-fb23-5cf8-07f5-1bfbac50b8a5@acm.org:
On 11/18/2020 11:05 PM, Ulrich Windl wrote:
I wonder: Would it be possible to use a specific named bind for on-campus hosts, and use the name used for binding to controll further access?
Hmm, I'm not completely sure what you mean here? Do you mean an authenticated bind? Our current IP address access control allows
Yes, authenticated ("named" vs. anonymous) binds.
anonymous users on campus access to attributes that anonymous users off-campus cannot get to, and it also limits authenticated binds for non-service accounts to on campus only.
I'm aware that this might require a change like having to use an authenticated bind for "get more" from LDAP (as opposed to anonymous binds).
Regards, Ulrich