On 10/23/2015 04:12 PM, Joel Levin wrote:
What happens if you use "ip" instead of "dns" as in this example?Hi All:I inserted the first ACI with an IP Address restriction: tested from all angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read Only";allow (read,compare,search)(userdn = "ldap:///example") and (dns="123.123.123.123");)
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Access_Control_Usage_Examples.html
13.9.6.1. ACI "HostedCompany1"
In LDIF, to grantHostedCompany1full access to their own branch of the directory under the requisite conditions, write the following statement:aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com") (targetattr= "*") (version 3.0; acl "HostedCompany1";allow (all) (roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1, ou=corporate-clients,dc=example,dc=com") and (authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and timeofday <= "1800") and (ip="255.255.123.234"); )Thanks.
Is there an additional configuration to set for IP address restriction to take hold in 389 DS?
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users