On 10/23/2015 04:12 PM, Joel Levin wrote:
Hi All:
I inserted the first ACI with an IP Address restriction: tested from
all angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read
Only";allow (read,compare,search)(userdn = "ldap:///example") and
(dns="123.123.123.123");)
What happens if you use "ip" instead
of "dns" as in this example?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10...
13.9.6.1. ACI "HostedCompany1"
In LDIF, to grant |HostedCompany1| full access to their own branch of
the directory under the requisite conditions, write the following
statement:
aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com")
(targetattr= "*") (version 3.0; acl "HostedCompany1";allow
(all)
(roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1,
ou=corporate-clients,dc=example,dc=com") and
(authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and
(timeofday >= "0800" and
timeofday <= "1800") and (ip="255.255.123.234"); )
Is there an additional configuration to set for IP address restriction
to take hold in 389 DS?
Thanks.
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users