Another common use case is to limit client access to the Directory Server. Two methods are available:
  • Connection Handlers. You can restrict which client IP addresses may connect by configuring the LDAP or LDAPS connection handlers. Each connection handler provides an allowed-client property and a denied-client property. The allowed-client property specifies the set of address masks from which clients may establish connections to the handler. The denied-client property specifies the set of address masks from which clients are not allowed to establish connections to the handler.
  • Client Connection Policies. You can take a more fine-grained approach by configuring a new Client Connection Policy, then creating new Connection Criteria and associating them with that policy. Connection Criteria define sets of conditions for grouping and describing client connections based on a number of properties, including the protocol, client address, connection security, and authentication state of the connection. Each Client Connection Policy may be associated with zero or more Connection Criteria, and server components may use Connection Criteria to indicate which connections should be processed and what kind of processing should be performed (for example, to select connections and/or operations for filtered logging, or to classify connections for network groups).
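The following is an added, constructed model of the two mechanisms described above, not code from the Directory Server or its documentation. It evaluates a handler-level allowed-client/denied-client check, then matches a connection against Connection Criteria (protocol, client address, connection security, authentication state) to pick a Client Connection Policy. Two points are assumptions rather than statements from the page: the mask syntax is a simplified subset (CIDR ranges and dotted patterns with `*` wildcards), and a denied-client match is assumed to reject a connection even when the address also matches allowed-client. The sample masks, policies and connections are constructed for the demonstration.

```python
"""Constructed model of connection-handler address limits and client connection
policy selection. Not the Directory Server's own implementation."""
import ipaddress
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List, Optional, Set


def address_matches(mask: str, client_ip: str) -> bool:
    """Match one client IP against one address mask.

    Assumed, simplified mask syntax: a CIDR range such as 10.0.0.0/8, a dotted
    pattern with '*' wildcards such as 192.168.1.*, or an exact address.
    """
    if "/" in mask:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(mask, strict=False)
    return fnmatchcase(client_ip, mask)


def handler_accepts(client_ip: str, allowed_clients: List[str], denied_clients: List[str]) -> bool:
    """Connection-handler check on the client address.

    Assumption (not stated on the page): a denied-client match rejects first.
    If allowed-client is non-empty, the address must then match one of its masks;
    an empty allowed-client list admits every address that is not denied.
    """
    if any(address_matches(m, client_ip) for m in denied_clients):
        return False
    if allowed_clients:
        return any(address_matches(m, client_ip) for m in allowed_clients)
    return True


@dataclass
class Connection:
    client_ip: str
    protocol: str        # "LDAP" or "LDAPS"
    secure: bool         # connection security (TLS in use)
    authenticated: bool  # authentication state


@dataclass
class ConnectionCriteria:
    """One set of conditions; an unset field means 'any value'."""
    name: str
    protocols: Set[str] = field(default_factory=set)
    client_masks: List[str] = field(default_factory=list)
    require_secure: Optional[bool] = None
    require_authenticated: Optional[bool] = None

    def matches(self, conn: Connection) -> bool:
        if self.protocols and conn.protocol not in self.protocols:
            return False
        if self.client_masks and not any(address_matches(m, conn.client_ip) for m in self.client_masks):
            return False
        if self.require_secure is not None and conn.secure != self.require_secure:
            return False
        if self.require_authenticated is not None and conn.authenticated != self.require_authenticated:
            return False
        return True


@dataclass
class ClientConnectionPolicy:
    name: str
    criteria: List[ConnectionCriteria]  # zero or more Connection Criteria

    def applies_to(self, conn: Connection) -> bool:
        # Assumption: a policy with no criteria acts as a catch-all.
        return not self.criteria or any(c.matches(conn) for c in self.criteria)


def select_policy(policies: List[ClientConnectionPolicy], conn: Connection) -> Optional[str]:
    """Return the name of the first policy (in evaluation order) that applies, else None."""
    for policy in policies:
        if policy.applies_to(conn):
            return policy.name
    return None


# Constructed sample configuration.
ALLOWED = ["10.0.0.0/8", "192.168.1.*"]   # allowed-client masks
DENIED = ["10.0.99.*"]                     # denied-client masks (a quarantined subnet)

POLICIES = [
    ClientConnectionPolicy("admin-console", [
        ConnectionCriteria("secure-admins", {"LDAPS"}, ["10.0.1.*"], True, True)]),
    ClientConnectionPolicy("internal-plain", [
        ConnectionCriteria("internal-ldap", {"LDAP"}, ["10.0.0.0/8"])]),
    ClientConnectionPolicy("default", []),
]

if __name__ == "__main__":
    for ip in ("10.0.1.5", "10.0.99.7", "172.16.0.1"):
        print(ip, "handler accepts:", handler_accepts(ip, ALLOWED, DENIED))
    conn = Connection("10.0.1.5", "LDAPS", secure=True, authenticated=True)
    print("policy:", select_policy(POLICIES, conn))
```

The order of the list matters in this model: the catch-all policy with no criteria is placed last so that the more specific policies are evaluated first, which is the pattern to keep in mind when a policy with empty criteria would otherwise shadow every other one.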