[Freeipa-users] multiple ds instances (maybe off-topic)
Ludwig Krispenz
lkrispen at redhat.com
Tue Jun 28 08:51:35 UTC 2016
On 06/28/2016 10:33 AM, Natxo Asenjo wrote:
>
> hi Ludwig,
>
> On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz <lkrispen at redhat.com> wrote:
>
>
> On 06/28/2016 09:50 AM, Natxo Asenjo wrote:
>>
>> I'd like to have internally all sort of ldap access, but
>> externally only certificate based, for example.
>>
>> If there is a way to do that now that I am not aware of I'd be
>> very interested to know it as well ;-). Right now we solve these
>> problems using vpn connections with third parties, but ideally
>> one could just open the port to the internet if only that kind of
>> access was allowed.
> maybe you can achieve this with access control, there are all kinds
> of rules to allow access based on client's ip address, domain,
> security strength, authentication method - and combinations of them.
>
>
> Do you mean something like explained here:
> http://directory.fedoraproject.org/docs/389ds/design/rootdn-access-control.html
> ?
I was thinking of something like this (and the other bind rules):
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method
the link you sent is about restraining access of directory manager, which
is not subject to normal ACIs
>
> Thanks!
> --
> Groeten,
> natxo
>
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
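
An illustration of the bind-rule combination discussed in this thread (client IP address together with authentication method). It is added here as an example and is not taken from either poster or from the linked documentation. The suffix dc=example,dc=com and the internal network 10.0.0.* are placeholders, and it assumes the server reports a client-certificate bind as authmethod "ssl".

```ldif
# Added example, not from the thread.
# Placeholders (assumptions): suffix dc=example,dc=com, internal network 10.0.0.*
# Effect: a client whose address is outside 10.0.0.* and which did not bind
# with a client certificate is denied by this ACI; internal clients and
# certificate-authenticated external clients fall through to the existing
# allow ACIs.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "External clients must bind with a certificate"; deny (all) (userdn = "ldap:///anyone") and (ip != "10.0.0.*") and not (authmethod = "ssl");)
```

A deny ACI takes precedence over any allow ACI on the same target, so check it from both an internal and an external address before exposing the port. As noted in the reply above, Directory Manager is not subject to normal ACIs and needs its own restriction.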