Two methods are available to limit client access to the Directory Server.
You can limit the IP addresses using the LDAP or LDAPS connection handlers. The connection handlers provide an allowed-client property and a denied-client property. The allowed-client property specifies the set of allowable address masks that can establish connections to the handler. The denied-client property specifies the set of address masks that are not allowed to establish connections to the handler.
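
A pre-change check for the two handler properties, as an added example that is not the product's own code: it models allowed-client and denied-client evaluation over CIDR masks and reports which known client addresses a proposed configuration would turn away. It assumes that a denied match wins over an allowed match and that an empty allowed list admits any address not denied; the function names and sample addresses are constructed.

```python
import ipaddress


def _matches(addr, masks):
    """Return True if addr falls inside any CIDR mask in masks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(m, strict=False) for m in masks)


def connection_decision(addr, allowed_client=(), denied_client=()):
    """Model the handler's decision for one client address.

    Assumption (not stated on the page): denied-client is checked first,
    and an empty allowed-client list places no allow restriction.
    Returns (accepted, reason).
    """
    if _matches(addr, denied_client):
        return False, "matches denied-client"
    if allowed_client and not _matches(addr, allowed_client):
        return False, "not in allowed-client"
    return True, "accepted"


def review_masks(clients, allowed_client, denied_client):
    """Map each known client address to the decision it would receive."""
    return {
        c: connection_decision(c, allowed_client, denied_client)
        for c in clients
    }


# Constructed sample: addresses as they might be collected from access logs.
SAMPLE_CLIENTS = ["10.6.1.15", "10.6.1.200", "10.6.2.7", "192.0.2.44", "127.0.0.1"]
PROPOSED_ALLOWED = ["10.6.0.0/16", "127.0.0.1/32"]
PROPOSED_DENIED = ["10.6.1.200/32"]

if __name__ == "__main__":
    report = review_masks(SAMPLE_CLIENTS, PROPOSED_ALLOWED, PROPOSED_DENIED)
    for addr, (ok, reason) in report.items():
        print(f"{addr:<12} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Running it against addresses taken from real access logs before changing a handler shows which existing clients the new masks would lock out.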
Client Connection Policies
For a more fine-grained approach, restrict access by configuring a new client connection policy. Then, create new connection criteria and associate them with the connection policy. Connection criteria define sets of criteria for grouping and describing client connections based on a number of properties, including the protocol, client address, connection security, and authentication state for the connection. Each client connection policy can be associated with zero or more connection criteria. Server components can use connection criteria to indicate which connections to process and what kind of processing to perform, such as to select connections and operations for filtered logging or to classify connections for network groups.