Page created: 6 Nov 2019
|
Page updated: 25 Mar 2020
8.0 Product PingDirectory Administrator Audience IT Administrator System Administrator Software Deployment Method Administration User task Directory Capability
- Create simple connection criteria. The following example uses the dsconfig tool in non-interactive mode. It allows only the Directory Server’s IP address and loopback to have access.

  $ bin/dsconfig set-connection-criteria-prop \
      --criteria-name allowed-ip-addrs \
      --add included-client-address:10.6.1.80 \
      --add included-client-address:127.0.0.1
- Assign the criteria to the client connection policy. After you have run the following command, access is denied to remote IP addresses. The Directory Server does not require a restart.

  $ bin/dsconfig set-client-connection-policy-prop \
      --policy-name new-policy \
      --set connection-criteria:allowed-ip-addrs
- Add a remote IP range to the criteria. For this example, add 10.6.1.*. Access is then allowed from any remote server in that range. The Directory Server does not require a restart.

  $ bin/dsconfig set-connection-criteria-prop \
      --criteria-name allowed-ip-addrs \
      --add "included-client-address:10.6.1.*"
- To restore default behavior, you can remove the criteria from the connection policy. The Directory Server does not require a restart. Remember to include the LDAP or LDAPS connection parameters (for example, host name, port, bindDN, bindPassword) with the dsconfig command.

  $ bin/dsconfig set-client-connection-policy-prop \
      --policy-name new-policy \
      --remove connection-criteria:allowed-ip-addrs
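Because assigning the criteria takes effect without a restart, it helps to check beforehand which hosts the included-client-address values would admit. The script below is an added example, not part of the product documentation or the dsconfig tool. It assumes IPv4 literals and a "*" that stands for exactly one octet; the function names and the host list are constructed for illustration, and the server's own matching remains authoritative.

```shell
#!/bin/sh
# Pre-flight check for the included-client-address values used on this page.
# Assumption: a "*" in a value matches exactly one IPv4 octet. Other address
# forms the server may accept are not modelled here.

# Return 0 if IPv4 address $1 matches the single value $2.
addr_matches() {
  ip=$1. pat=$2. n=0
  while [ -n "$ip" ] && [ -n "$pat" ]; do
    io=${ip%%.*} po=${pat%%.*}      # next octet of the address and the value
    ip=${ip#*.} pat=${pat#*.}       # drop that octet from both
    [ -n "$io" ] || return 1        # empty octet: malformed address
    [ "$po" = "*" ] || [ "$po" = "$io" ] || return 1
    n=$((n + 1))
  done
  # Both strings must be fully consumed after exactly four octets.
  [ "$n" -eq 4 ] && [ -z "$ip" ] && [ -z "$pat" ]
}

# Return 0 if client address $1 matches any of the remaining arguments.
client_allowed() {
  client=$1; shift
  for entry in "$@"; do
    addr_matches "$client" "$entry" && return 0
  done
  return 1
}

# Print one line per host for the given list of values.
# $1 is a label; the remaining arguments are included-client-address values.
report() {
  label=$1; shift
  # Constructed sample hosts an administrator may still need to connect from.
  for host in 127.0.0.1 10.6.1.80 10.6.1.95 192.0.2.10; do
    if client_allowed "$host" "$@"; then verdict=allowed; else verdict=DENIED; fi
    echo "$label: $host $verdict"
  done
}

report "initial criteria" 10.6.1.80 127.0.0.1
report "with 10.6.1.* added" 10.6.1.80 127.0.0.1 "10.6.1.*"
```

Always quote values that contain "*" when passing them to the functions, as in the dsconfig command that adds the range.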