On 06/28/2016 10:33 AM, Natxo Asenjo wrote:

hi Ludwig,

On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz <lkris...@redhat.com> wrote:

    On 06/28/2016 09:50 AM, Natxo Asenjo wrote:

    I'd like to have internally all sorts of ldap access, but
    externally only certificate based, for example.

    If there is a way to do that now that I am not aware of I'd be
    very interested to know it as well ;-). Right now we solve these
    problems using vpn connections with third parties, but ideally
    one could just open the port to the internet if only that kind of
    access was allowed.

    Maybe you can achieve this with access control; there are all kinds
    of rules to allow access based on client's ip address, domain,
    security strength, authentication method - and combinations of them.

Do you mean something like explained here: http://directory.fedoraproject.org/docs/389ds/design/rootdn-access-control.html ?
I was thinking of something like this (and the other bind rules):


The link you sent is about restraining access of directory manager, which is not subject to normal ACIs.


Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
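
An ACI combining the bind rules mentioned in the thread (client IP address and authentication method), shown as an added example that is not part of the original messages. The suffix `dc=example,dc=com`, the internal range `10.0.0.*`, the attribute list and the ACI name are assumptions chosen for illustration.

```ldif
# Added example: placeholder suffix, address range and attribute list.
# Authenticated clients may read the listed attributes if they connect
# from the internal range (any bind method) or, from anywhere else,
# only if they authenticated with a TLS client certificate.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "cn || sn || uid || mail")
  (version 3.0; acl "internal any bind, external certificate only";
  allow (read, search, compare)
  (userdn = "ldap:///all") and
  ((ip = "10.0.0.*") or (authmethod = "ssl"));)
```

Allow rules accumulate, so this only restricts external clients if no other ACI on the subtree grants the same rights without the `ip`/`authmethod` condition. An ACI governs what a bound identity can access; it does not stop a simple bind attempt from being made against an exposed port.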
