[389-users] Limiting access to specific hosts.
Barry Sitompul
b.sitompul at uq.edu.au
Wed Jul 7 23:23:56 UTC 2010
Hi,
I would specify aci for that user with something like this:
aci: (targetattr = "*")(target = "ldap:///ou=Restricted,o=tupperware,c=US")(version 3.0; acl "Restricted Read Access"; allow (read,search,compare) (userdn = "ldap:///uid=someone,ou=users,o=tupperware,c=US") and (ip="192.168.1.*" or ip="10.2.3.4" or ip="10.2.3.5" or ip="10.2.3.6");)
It doesn't really prevent the uid=someone from logging in but the user
won't be able to read any attributes from the target tree unless
accessing from those IP addresses.
Maybe not really what you are after but just a suggestion.
Cheers,
Bazza
On 08/07/2010, at 5:48 AM, Fairchild, Anthony wrote:
> Hello,
>
> I have gotten 389 directory up and running and am beginning to add
> users, but would like to know how to restrict a user to only logging
> in to a specific host or a group of hosts. Could anybody point me to
> some documentation on this? I don't seem to be having much luck
> finding it through Google.
>
> --
> Anthony
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users