Hi All:
I inserted the first ACI with an IP Address restriction: tested from all angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read Only";allow (read,compare,search)(userdn = "ldap:///example") and (dns="123.123.123.123");)
Is there an additional configuration to set for IP address restriction to take hold in 389 DS?
Thanks.
On 10/23/2015 04:12 PM, Joel Levin wrote:
Hi All:
I inserted the first ACI with an IP Address restriction: tested from all angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read Only";allow (read,compare,search)(userdn = "ldap:///example") and (dns="123.123.123.123");)
What happens if you use "ip" instead of "dns" as in this example? https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
13.9.6.1. ACI "HostedCompany1"
In LDIF, to grant |HostedCompany1| full access to their own branch of the directory under the requisite conditions, write the following statement:
aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com") (targetattr= "*") (version 3.0; acl "HostedCompany1";allow (all) (roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1, ou=corporate-clients,dc=example,dc=com") and (authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and timeofday <= "1800") and (ip="255.255.123.234"); )
Is there an additional configuration to set for IP address restriction to take hold in 389 DS?
Thanks.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
That works!
Thanks Noriko - much appreciated!
On Fri, Oct 23, 2015 at 4:25 PM, Noriko Hosoi nhosoi@redhat.com wrote:
On 10/23/2015 04:12 PM, Joel Levin wrote:
Hi All:
I inserted the first ACI with an IP Address restriction: tested from all angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read Only";allow (read,compare,search)(userdn = "ldap:///example") and (dns="123.123.123.123");)
What happens if you use "ip" instead of "dns" as in this example?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht... 13.9.6.1. ACI "HostedCompany1" In LDIF, to grant HostedCompany1 full access to their own branch of the directory under the requisite conditions, write the following statement:
aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com") (targetattr= "*") (version 3.0; acl "HostedCompany1";allow (all) (roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1, ou=corporate-clients,dc=example,dc=com") and (authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and timeofday <= "1800") and (ip="255.255.123.234"); )
Is there an additional configuration to set for IP address restriction to take hold in 389 DS?
Thanks.
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users@lists.fedoraproject.org