On 06/28/2016 10:33 AM, Natxo Asenjo wrote:
hi Ludwig,
On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz <[email protected]> wrote:
On 06/28/2016 09:50 AM, Natxo Asenjo wrote:
I'd like to have internally all sorts of LDAP access, but
externally only certificate based, for example.
If there is a way to do that now that I am not aware of I'd be
very interested to know it as well ;-). Right now we solve these
problems using VPN connections with third parties, but ideally
one could just open the port to the internet if only that kind of
access was allowed.
maybe you can achieve this with access control, there are all kinds
of rules to allow access based on client's IP address, domain,
security strength, authentication method - and combinations of them.
Do you mean something like explained here:
http://directory.fedoraproject.org/docs/389ds/design/rootdn-access-control.html
?
I was thinking of something like this (and the other bind rules):
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method
the link you sent is about restraining access of directory manager, which
is not subject to normal ACIs
Thanks!
--
Groeten,
natxo
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
Shander
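
A sketch of the kind of bind rules discussed above, added here as an illustration and not taken from any message in the thread: one ACI allows authenticated reads from an internal network with any bind method, the other allows them from anywhere only when the client bound with a certificate. The suffix `dc=example,dc=com`, the network `10.0.0.*` and the ACL names are assumptions.

```ldif
# Added example; suffix, network range and ACL names are placeholders.
# Apply with ldapmodify as a user allowed to write ACIs on the suffix.
# Continuation lines begin with one folding space plus one real space.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "internal net - any bind method";
  allow (read, search, compare)
  (userdn = "ldap:///all") and (ip = "10.0.0.*");)
aci: (targetattr = "*")(version 3.0; acl "any address - certificate bind only";
  allow (read, search, compare)
  (userdn = "ldap:///all") and (authmethod = "ssl");)
```

Allow rules are cumulative, so any existing ACI that already grants the same access to anonymous or simple-bind clients still applies and has to be reviewed as well. ACIs restrict what a bound client can read, not whether the bind itself is accepted.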