Page created: 24 Jul 2019 | Page updated: 6 Nov 2019
Another common use case is to limit client access to the Directory Server. Two methods are available:
- Connection Handlers. You can limit the IP addresses using the LDAP or LDAPS connection handlers. The connection handlers provide an allowed-client property and a denied-client property. The allowed-client property specifies the set of allowable address masks that can establish connections to the handler. The denied-client property specifies the set of address masks that are not allowed to establish connections to the handler.
- Client Connection Policies. You can take a more fine-grained approach to restricting access by configuring a new Client Connection Policy, then creating new connection criteria and associating them with the connection policy. Connection criteria define sets of criteria for grouping and describing client connections based on a number of properties, including the protocol, client address, connection security, and authentication state for the connection. Each client connection policy may be associated with zero or more Connection Criteria, and server components may use Connection Criteria to indicate which connections should be processed and what kind of processing should be performed (e.g., to select connections and/or operations for filtered logging, or to classify connections for network groups).
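The following Python sketch is an added example, not code from the product or its documentation. It models how a connection handler's allowed-client and denied-client masks would decide on a client address, so a proposed mask set can be checked against known client IPs before it is applied. It assumes that a deny match takes precedence over an allow match, that an empty allow list means no restriction, and that masks are exact IPs, CIDR blocks or IPv4 addresses with trailing `*` octets; all function names are hypothetical.

```python
import ipaddress

def mask_to_network(mask):
    """Turn one address mask into an ip_network (hypothetical helper).

    Assumed mask forms: exact IP, CIDR block, or IPv4 with trailing '*' octets.
    """
    mask = mask.strip()
    if "*" not in mask:
        return ipaddress.ip_network(mask, strict=False)
    octets = mask.split(".")
    fixed = [o for o in octets if o != "*"]
    # Only trailing wildcards map onto a prefix: 10.6.*.* -> 10.6.0.0/16.
    if len(octets) != 4 or octets[:len(fixed)] != fixed:
        raise ValueError(f"unsupported wildcard mask: {mask!r}")
    padded = fixed + ["0"] * (4 - len(fixed))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(fixed)}")

def is_allowed(client_ip, allowed_client=(), denied_client=()):
    """Model the handler decision for one client address.

    Assumptions: a denied-client match always wins, and an empty
    allowed-client list places no restriction on who may connect.
    """
    addr = ipaddress.ip_address(client_ip)
    if any(addr in mask_to_network(m) for m in denied_client):
        return False
    if not allowed_client:
        return True
    return any(addr in mask_to_network(m) for m in allowed_client)

def audit(clients, allowed_client, denied_client):
    """Return {client_ip: accepted?} for a proposed mask set."""
    return {ip: is_allowed(ip, allowed_client, denied_client) for ip in clients}

# Constructed sample values (documentation address ranges, not from the page).
ALLOWED = ["10.6.1.*", "192.0.2.0/24"]
DENIED = ["10.6.1.50"]
CLIENTS = ["10.6.1.20", "10.6.1.50", "192.0.2.77", "203.0.113.9"]

if __name__ == "__main__":
    for ip, ok in audit(CLIENTS, ALLOWED, DENIED).items():
        print(f"{ip:15} {'accept' if ok else 'reject'}")
```

Running the audit against the addresses of every application server and administrator workstation that must keep access shows whether a new mask set would lock out a legitimate client before the handler is changed.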