<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    <div class="moz-cite-prefix">On 06/28/2016 10:33 AM, Natxo Asenjo
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAHBEJzWi=ypna4pQU17zRDbWgnrV0VUy+a=YbDRE8LJ=R9hGeQ@mail.gmail.com"
      type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra">hi Ludwig,<br>
          <br>
        </div>
        <div class="gmail_extra">
          <div class="gmail_quote">On Tue, Jun 28, 2016 at 10:03 AM,
            Ludwig Krispenz <span dir="ltr"><<a
                moz-do-not-send="true" href="mailto:lkrispen@redhat.com"
                target="_blank">lkrispen@redhat.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div bgcolor="#FFFFFF" text="#000000">
                <div>
                  <div class="h5"> <br>
                    <div>On 06/28/2016 09:50 AM, Natxo Asenjo wrote:<br>
                    </div>
                    <blockquote type="cite">
                      <div dir="ltr">
                        <div class="gmail_extra">
                          <div class="gmail_quote"><br>
                            <div>I'd like to have internally all sorts of
                              ldap access, but externally only
                              certificate based, for example.<br>
                              <br>
                            </div>
                            <div>If there is a way to do that now that
                              I am not aware of I'd be very interested
                              to know it as well ;-). Right now we solve
                              these problems using vpn connections with
                              third parties, but ideally one could just
                              open the port to the internet if only that
                              kind of access was allowed.<br>
                            </div>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                </div>
                Maybe you can achieve this with access control; there
                are all kinds of rules to allow access based on the client's
                IP address, domain, security strength, authentication
                method - and combinations of them.<span class=""></span>
              </div>
              <br>
            </blockquote>
          </div>
          <br>
        </div>
        <div class="gmail_extra">Do you mean something like explained
          here: <a moz-do-not-send="true"
href="http://directory.fedoraproject.org/docs/389ds/design/rootdn-access-control.html">http://directory.fedoraproject.org/docs/389ds/design/rootdn-access-control.html</a>
          ?<br>
        </div>
      </div>
    </blockquote>
    I was thinking of something like this (and the other bind rules): <br>
    <br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method</a><br>
    <br>
    The link you sent is about restraining access of Directory Manager,
    which is not subject to normal ACIs.<br>
    <blockquote
cite="mid:CAHBEJzWi=ypna4pQU17zRDbWgnrV0VUy+a=YbDRE8LJ=R9hGeQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra"><br>
        </div>
        <div class="gmail_extra">Thanks!<br>
        </div>
        <div class="gmail_extra">
          <div class="gmail_signature" data-smartmail="gmail_signature">--<br>
            Groeten,<br>
            natxo</div>
        </div>
      </div>
      <br>
      <br>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander</pre>
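    <p>An added example, not part of the original thread or of the 389 DS
      documentation: one ACI that combines the <code>ip</code> and
      <code>authmethod</code> bind-rule keywords discussed above, so that
      authenticated clients on an internal range can read with any bind method
      while clients elsewhere must have bound with a certificate. The suffix,
      ACL name, attribute list and address range are constructed
      placeholders.</p>
    <pre>
```ldif
# Constructed example: dc=example,dc=com, the ACL name, the attribute list
# and the 192.0.2.* range are placeholders, not values from the thread.
# Bind rule: any authenticated user, AND (internal source address OR a
# certificate-based bind, which is what authmethod = "SSL" matches).
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "cn || mail || uid")
 (version 3.0; acl "Internal net or certificate bind";
  allow (read, search, compare)
  (userdn = "ldap:///all") and
  (ip = "192.0.2.*" or authmethod = "SSL");)
```
    </pre>
    <p>ACIs decide what a bound identity may access, not whether the bind
      itself succeeds, and allow rules are cumulative, so any other ACI that
      grants the same rights without these conditions still applies. As noted
      in the reply above, Directory Manager is not subject to normal ACIs.</p>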
  </body>
</html>