Hi all,
After reading posts on the lists regarding ACIs, I was wondering what would
be the preferred way to grant access to the directory only to hosts in
our own network.
In some comments I read that it's generally discouraged to use ACIs
with "not" logic like:
ip != 10.0.0.*
or something like this.
Does this apply to ip address based access too?
My approach would be just something like:
aci: (targetattr = "*") (version 3.0;acl "Bind from special IPs only";deny (all) (ip != "192.168.100.*" and ip != "10.0.0.*");)
to allow only from 192.168.100.* networks or from 10.0.0.*.
As far as I understand, I have to define ACIs for every base DN
separately if I am running multiple databases. Is there any way to define
this for the whole server?
Thanks and Regards
Jan