A client-established connection to the PingDirectory server is associated with a client connection policy. Use client connection policies to restrict the kinds of requests that the client can issue and impose resource limits for that connection.
- Create a simple connection criteria.
The following example uses the dsconfig tool in non-interactive mode. It allows only the Directory Server’s IP address and loopback to have access.
$ bin/dsconfig set-connection-criteria-prop \
    --criteria-name allowed-ip-addrs \
    --add included-client-address:10.6.1.80 \
    --add included-client-address:127.0.0.1
- Assign the criteria to the client connection policy.
$ bin/dsconfig set-client-connection-policy-prop \
    --policy-name new-policy \
    --set connection-criteria:allowed-ip-addrs
After you have run the command, access is denied to remote IP addresses. The Directory Server does not require a restart.
- Add a remote IP range to the criteria.
Note: For the following example, add 10.6.1.*.
$ bin/dsconfig set-connection-criteria-prop \
    --criteria-name allowed-ip-addrs \
    --add "included-client-address:10.6.1.*"
Access from any remote server in that range is allowed. The Directory Server does not require a restart.
- To restore default behavior, remove the criteria from the connection policy.
Tip: Include the LDAP or LDAPS connection parameters, such as host name, port, bindDN, bindPassword, with the dsconfig command.
$ bin/dsconfig set-client-connection-policy-prop \
    --policy-name new-policy \
    --remove connection-criteria:allowed-ip-addrs
The Directory Server does not require a restart.
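A pre-change check for the allow list built in the steps above, as an added example that is not part of the original documentation: it reports which client addresses the criteria would reject, so an administrator can confirm their own host is covered before assigning the criteria to a policy. The function names and the sample client addresses are constructed for illustration, and the wildcard matching is a simplified model of the 10.6.1.* pattern, not the server's own matching logic.

```shell
#!/bin/sh
# Added example: dry run of an included-client-address allow list.
# Assumption: "*" in a pattern stands for the rest of the address, as in
# 10.6.1.* on this page; a simplified model, not the server's matching code.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# client_allowed ADDR PATTERN...: succeeds when ADDR matches any pattern.
client_allowed() {
    addr=$1; shift
    is_ipv4 "$addr" || return 1    # malformed input is never allowed
    for pattern in "$@"; do
        case $addr in
            $pattern) return 0 ;;  # unquoted: "*" acts as a wildcard
        esac
    done
    return 1
}

# denied_clients "PATTERNS" ADDR...: echoes the addresses that would be rejected.
denied_clients() {
    patterns=$1; shift
    denied=
    set -f                         # keep "*" literal while $patterns is split
    for client in "$@"; do
        client_allowed "$client" $patterns || denied="$denied $client"
    done
    set +f
    echo "${denied# }"
}

# Constructed sample of client source addresses, e.g. collected from an access log.
CLIENTS="10.6.1.80 127.0.0.1 10.6.1.45 10.6.2.17 192.0.2.10"
STEP1="10.6.1.80 127.0.0.1"        # values added when the criteria is created
STEP3="$STEP1 10.6.1.*"            # after the remote range is added

echo "denied with the initial criteria: $(denied_clients "$STEP1" $CLIENTS)"
echo "denied after adding 10.6.1.*:     $(denied_clients "$STEP3" $CLIENTS)"
```

Any administrative host that appears in the denied list would lose access once the criteria is assigned to the policy that handles its connections.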