That works!

Thanks Noriko - much appreciated!

On Fri, Oct 23, 2015 at 4:25 PM, Noriko Hosoi <[email protected]> wrote:

> On 10/23/2015 04:12 PM, Joel Levin wrote:
>
> Hi All:
>
> I inserted the first ACI with an IP address restriction: tested from all
> angles but it seems to fail when the IP address restriction is added.
>
> ACI template:
>
> (targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read
> Only";allow (read,compare,search)(userdn = "ldap:///example";) and
> (dns="123.123.123.123");)
>
> What happens if you use "ip" instead of "dns" as in this example?
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Access_Control_Usage_Examples.html
> 13.9.6.1. ACI "HostedCompany1"
> In LDIF, to grant HostedCompany1 full access to their own branch of the
> directory under the requisite conditions, write the following statement:
>
> aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com")
>      (targetattr= "*") (version 3.0; acl "HostedCompany1";allow (all)
>      (roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1,
>      ou=corporate-clients,dc=example,dc=com") and
>      (authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and
>      timeofday <= "1800") and (ip="255.255.123.234"); )
>
>
> Is there an additional configuration to set for IP address restriction to
> take hold in 389 DS?
>
> Thanks.
>
>
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
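An added example, not part of the thread and not 389 DS code: a small Python check that scans ACI strings for the mismatch discussed above, an IP literal under the `dns` keyword (which matches on the client's host name) where `ip` was intended. The function names are hypothetical, the sample ACIs are the one from the thread plus a constructed corrected form, and tolerating a `+netmask` or `/prefix` suffix on `ip` values is an assumption.

```python
import ipaddress
import re

# Matches host-based bind rules such as dns="..." or ip != "..." inside an ACI.
BIND_RULE = re.compile(r'\b(dns|ip)\s*(!?=)\s*"([^"]*)"', re.IGNORECASE)

# The ACI template from the thread, and a constructed corrected form using ip=.
PAGE_ACI = ('(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read '
            'Only";allow (read,compare,search)(userdn = "ldap:///example";) and '
            '(dns="123.123.123.123");)')
FIXED_ACI = PAGE_ACI.replace('dns="', 'ip="')


def looks_like_ip(value):
    """True for an IP literal, optionally with '*' octets or a mask suffix."""
    # Assumption: drop a "+netmask" or "/prefix" suffix before checking.
    candidate = re.split(r"[+/]", value.strip())[0]
    parts = candidate.split(".")
    # Wildcard IPv4 pattern such as 123.123.* (but not *.example.com or "*").
    if "*" in parts and any(p.isdigit() for p in parts):
        return all(p == "*" or p.isdigit() for p in parts)
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def audit_aci(aci):
    """Return (keyword, value, message) findings for one ACI string."""
    findings = []
    for keyword, _op, value in BIND_RULE.findall(aci):
        keyword = keyword.lower()
        # Bind-rule values may be comma-separated lists.
        for item in (v.strip() for v in value.split(",")):
            if keyword == "dns" and looks_like_ip(item):
                findings.append((keyword, item, 'IP literal under dns; use ip="..."'))
            elif keyword == "ip" and not looks_like_ip(item):
                findings.append((keyword, item, 'host name under ip; use dns="..."'))
    return findings


if __name__ == "__main__":
    for name, aci in (("thread ACI", PAGE_ACI), ("corrected ACI", FIXED_ACI)):
        print(name, audit_aci(aci) or "no findings")
```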