How to restrict user based on ip address in openldap
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
In organization we have setup ldap using openldap, i access it with GUI phpldapadmin.
we have one requirement to allow access some user from specific IPAddress.
I searched but still not able to get the exact solution.
example.ldif
dn: cn=xyz,ou=Person,dc=example,dc=com
cn: xyz
gidnumber: 570
homedirectory: /home/users/xyz
iphostnumber: 10.10.0.0
loginshell: /sbin/nologin
mail: xyz@example.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: ipHost
postaladdress: 123xyz
sn: XYZ
uid: xyz
uidnumber: 1012
so we want xyz user should able to access openldap from iphostnumber: 10.10.0.0
linux ubuntu centos ldap openldap
asked May 17 at 10:24
Vinay Gupta
941313
add a comment |Â
up vote
0
down vote
favorite
In organization we have setup ldap using openldap, i access it with GUI phpldapadmin.
we have one requirement to allow access some user from specific IPAddress.
I searched but still not able to get the exact solution.
example.ldif
dn: cn=xyz,ou=Person,dc=example,dc=com
cn: xyz
gidnumber: 570
homedirectory: /home/users/xyz
iphostnumber: 10.10.0.0
loginshell: /sbin/nologin
mail: xyz@example.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: ipHost
postaladdress: 123xyz
sn: XYZ
uid: xyz
uidnumber: 1012
so we want xyz user should able to access openldap from iphostnumber: 10.10.0.0
linux ubuntu centos ldap openldap
asked May 17 at 10:24
Vinay Gupta
941313
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
In organization we have setup ldap using openldap, i access it with GUI phpldapadmin.
we have one requirement to allow access some user from specific IPAddress.
I searched but still not able to get the exact solution.
example.ldif
dn: cn=xyz,ou=Person,dc=example,dc=com
cn: xyz
gidnumber: 570
homedirectory: /home/users/xyz
iphostnumber: 10.10.0.0
loginshell: /sbin/nologin
mail: xyz@example.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: ipHost
postaladdress: 123xyz
sn: XYZ
uid: xyz
uidnumber: 1012
so we want xyz user should able to access openldap from iphostnumber: 10.10.0.0
linux ubuntu centos ldap openldap
asked May 17 at 10:24
Vinay Gupta
941313
In organization we have setup ldap using openldap, i access it with GUI phpldapadmin.
we have one requirement to allow access some user from specific IPAddress.
I searched but still not able to get the exact solution.
example.ldif
dn: cn=xyz,ou=Person,dc=example,dc=com
cn: xyz
gidnumber: 570
homedirectory: /home/users/xyz
iphostnumber: 10.10.0.0
loginshell: /sbin/nologin
mail: xyz@example.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: ipHost
postaladdress: 123xyz
sn: XYZ
uid: xyz
uidnumber: 1012
so we want xyz user should able to access openldap from iphostnumber: 10.10.0.0
linux ubuntu centos ldap openldap
asked May 17 at 10:24
Vinay Gupta
941313
edited May 17 at 10:40
asked May 17 at 10:24
Vinay Gupta
941313
asked May 17 at 10:24
Vinay Gupta
941313
asked May 17 at 10:24
Vinay Gupta
941313
941313
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
You can do this by creating appropriate ACLs in your directory. Take a look at this forum thread in which the OP wants to have an IP address-based (and also filter based) access control to the directory. There are examples for IP-based ACLs which might help you. Perhaps, something like this:
access to *
by peername.ip=10.10.0.0 read
by * none
Of course, don't forget to read the OpenLDAP slapd.access manual.
answered May 17 at 20:27
Bora
1495
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
You can do this by creating appropriate ACLs in your directory. Take a look at this forum thread in which the OP wants to have an IP address-based (and also filter based) access control to the directory. There are examples for IP-based ACLs which might help you. Perhaps, something like this:
access to *
by peername.ip=10.10.0.0 read
by * none
Of course, don't forget to read the OpenLDAP slapd.access manual.
answered May 17 at 20:27
Bora
1495
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
add a comment |Â
up vote
0
down vote
accepted
You can do this by creating appropriate ACLs in your directory. Take a look at this forum thread in which the OP wants to have an IP address-based (and also filter based) access control to the directory. There are examples for IP-based ACLs which might help you. Perhaps, something like this:
access to *
by peername.ip=10.10.0.0 read
by * none
Of course, don't forget to read the OpenLDAP slapd.access manual.
answered May 17 at 20:27
Bora
1495
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
You can do this by creating appropriate ACLs in your directory. Take a look at this forum thread in which the OP wants to have an IP address-based (and also filter based) access control to the directory. There are examples for IP-based ACLs which might help you. Perhaps, something like this:
access to *
by peername.ip=10.10.0.0 read
by * none
Of course, don't forget to read the OpenLDAP slapd.access manual.
answered May 17 at 20:27
Bora
1495
You can do this by creating appropriate ACLs in your directory. Take a look at this forum thread in which the OP wants to have an IP address-based (and also filter based) access control to the directory. There are examples for IP-based ACLs which might help you. Perhaps, something like this:
access to *
by peername.ip=10.10.0.0 read
by * none
Of course, don't forget to read the OpenLDAP slapd.access manual.
answered May 17 at 20:27
Bora
1495
answered May 17 at 20:27
Bora
1495
answered May 17 at 20:27
Bora
1495
answered May 17 at 20:27
Bora
1495
1495
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
add a comment |Â
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
Thanks...after reading slapd.access manual it is more clear how to do restriction on openldap.
– Vinay Gupta
May 24 at 9:18
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f444332%2fhow-to-restrict-user-based-on-ip-address-in-openldap%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
