Hi all-

I'm configuring an OpenLDAP server with the Perl Backend. I've been able to set permissions for search on one of my backends to lock it down based on IP as follows:

access to dn.sub="dc=alias"

by peername.ip=127.0.0.1 read

by peername.ip=10.181.24.193 read

by peername.ip=10.181.35.243 read

by * none

That makes it that only those IP's listed can search and get results from that branch.

I now need to do the same type of thing for another branch, but for authentication instead (i.e. only allow auth to occur if coming from an approved IP). I've tried the following:

access to dn.sub="dc=mfa"

by peername.ip=127.0.0.1 auth

by peername.ip=10.181.24.193 auth

by * none

But no luck. Any ideas/help? If I can't do this with an ACL, if I can get the IP address of the request passed in to the bind function in the Perl backend, I can handle the controls there.

-Etan E. Weintraub

Information Security Architect

IT@Johns Hopkins

Johns Hopkins at Mt. Washington

x-apple-data-detectors://4/ 5801 Smith Ave.

Davis Building x-apple-data-detectors://4/ Suite 3110B

x-apple-data-detectors://5/0 Baltimore, MD 21209

Phone: tel:667-208-6309 667-208-6309

E-mail: mailto:eweintra@jhmi.edu eweintra@jhmi.edu