Page created: 15 Jul 2022 |
Page updated: 5 Dec 2022
A client-established connection to the PingDirectory server is associated with a client connection policy. Use client connection policies to restrict the kinds of requests that the client can issue and impose resource limits for that connection.
Create a simple connection criteria.
The following example uses the dsconfig tool in non-interactive mode. It allows only the server’s IP address and loopback to have access.
$ bin/dsconfig set-connection-criteria-prop \
    --criteria-name allowed-ip-addrs \
    --add included-client-address:10.6.1.80 \
    --add included-client-address:127.0.0.1
Assign the criteria to the client connection policy.
$ bin/dsconfig set-client-connection-policy-prop \
    --policy-name new-policy \
    --set connection-criteria:allowed-ip-addrs
After you have run the command, access is denied to remote IP addresses. The server does not require a restart.
Add a remote IP range to the criteria.
For the following example, add
$ bin/dsconfig set-connection-criteria-prop \
    --criteria-name allowed-ip-addrs \
    --add "included-client-address:10.6.1.*"
Access from any remote server in the added range is allowed. The server does not require a restart.
To restore default behavior, remove the criteria from the connection policy.
Include the LDAP or LDAPS connection parameters, such as host name, port, bindDN, bindPassword, with the dsconfig command.
$ bin/dsconfig set-client-connection-policy-prop \
    --policy-name new-policy \
    --remove connection-criteria:allowed-ip-addrs
The server does not require a restart.
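Because assigning the criteria immediately denies every address not on the list, it helps to test the list against the clients that must keep access before running the second step. The script below is an added example, not part of the PingDirectory documentation. Its function names are hypothetical, and it models only exact IPv4 addresses and * wildcards as used on this page, not the server's full address syntax.

```shell
#!/bin/sh
# Added example: pre-flight check for an included-client-address list.
# Models only exact IPv4 addresses and "*" wildcards, as used on this page.

# Constructed list mirroring the values added by the commands on this page.
ALLOWED="10.6.1.80 127.0.0.1 10.6.1.*"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# addr_allowed ADDR PATTERN...: succeed if ADDR matches any pattern.
addr_allowed() {
  addr=$1; shift
  is_ipv4 "$addr" || return 1
  for pat in "$@"; do
    case $pat in *[!0-9.*]*) continue ;; esac  # skip syntax not modelled here
    case $addr in $pat) return 0 ;; esac
  done
  return 1
}

# would_be_denied "PATTERNS" ADDR...: print each ADDR the list would reject.
would_be_denied() {
  patterns=$1; shift
  for client in "$@"; do
    # $patterns is split on purpose; set -f keeps "*" from matching filenames.
    ( set -f; addr_allowed "$client" $patterns ) || printf '%s\n' "$client"
  done
}

# Constructed client addresses: run this before assigning the criteria.
would_be_denied "$ALLOWED" 10.6.1.80 10.6.1.200 10.6.2.14 192.0.2.10
```

Any address it prints would lose access once the criteria are assigned to the policy.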