  1. #1

    Defining IP based access for 389 DS users

    I've installed 389 DS on Fedora 14. Everything works fine except when I'm trying to define host-based access for 389 DS users. When I searched for a solution, everywhere I could see that this is possible this way: right-click the user --> Access control Permissions --> Target --> Rights --> Hosts --> and selected "ip address host filter" --> and gave the IP address of the machine from which the user is allowed to log in. But in vain: when the user tries to log in from other IPs, he's allowed as well. So I was confused. Later I did some workarounds and came to the conclusion that by default all users are given full rights for everything, so there is no point in mentioning the hosts from which the user is allowed to log in. So I manually edited the ACI to deny all rights to the user if he is trying to log in from a different IP than he's allowed to. Please find below the one I made for one user:

    (targetattr = "*")
    (target = "ldap:///uid=jmathew,ou=People,dc=mydomain,dc=edu")
    (version 3.0;
    acl "deny-ip";
    deny (all)
    (userdn != "ldap:///uid=jmathew,ou=People,dc=mydomain,dc=edu") and

    This worked perfectly for Linux clients. The user was not able to log in if he's not from the allotted IP address.

    But when I tried to log in via the pGina Windows client on Windows XP Pro, these restrictions did not apply. All the users were able to log in from any IP, bypassing the deny ACI which I have made on the LDAP server. I tried out many workarounds and am fed up now.

    So, basically what I'm looking for is a solution to define IP-based restrictions for LDAP (389 DS) users who are using the pGina client on Windows XP Pro.

    Your help in this regard would be appreciated.

    Jomy Mathew

  2. #2
    Waiting for your valuable replies on this issue
