Two methods are available to limit client access to the PingDirectory server.
Connection Handlers
You can limit the IP addresses using the LDAP or LDAPS connection handlers. The connection handlers provide an allowed-client property and a denied-client property. The allowed-client property specifies the set of allowable address masks that can establish connections to the handler. The denied-client property specifies the set of address masks that are not allowed to establish connections to the handler.
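Before changing these properties on a live handler, it helps to check a proposed mask set against the clients that must keep access and those that must be refused. The following is an added example, not PingDirectory code. It assumes masks are written in CIDR form, that a match in denied-client overrides a match in allowed-client, and that an empty allowed-client list admits every address that is not denied. All addresses are constructed sample values.

```python
import ipaddress

def parse_masks(masks):
    """Parse CIDR strings; a bare address becomes a single-host network."""
    return [ipaddress.ip_network(m, strict=False) for m in masks]

def decide(client, allowed, denied):
    """Return (verdict, reason) for one client address under the assumed rules."""
    addr = ipaddress.ip_address(client)
    for net in denied:                      # assumed: deny is checked first and wins
        if addr in net:
            return ("deny", f"matches denied-client {net}")
    if not allowed:                         # assumed: empty allow list admits all
        return ("allow", "no allowed-client masks set")
    for net in allowed:
        if addr in net:
            return ("allow", f"matches allowed-client {net}")
    return ("deny", "matches no allowed-client mask")

def audit(allowed_masks, denied_masks, must_connect, must_not_connect):
    """List every client whose verdict contradicts the operator's intent."""
    allowed, denied = parse_masks(allowed_masks), parse_masks(denied_masks)
    problems = []
    for client in must_connect:
        verdict, reason = decide(client, allowed, denied)
        if verdict != "allow":
            problems.append((client, "locked out", reason))
    for client in must_not_connect:
        verdict, reason = decide(client, allowed, denied)
        if verdict != "deny":
            problems.append((client, "unexpectedly admitted", reason))
    return problems

# Constructed sample: proposed handler settings and the operator's expectations.
ALLOWED = ["10.20.0.0/16", "127.0.0.1"]
DENIED = ["10.20.99.0/24"]
MUST_CONNECT = ["10.20.1.15", "127.0.0.1", "10.20.99.7"]   # app host, local admin, monitoring host
MUST_NOT_CONNECT = ["192.0.2.44", "10.20.99.200"]

if __name__ == "__main__":
    for client, issue, reason in audit(ALLOWED, DENIED, MUST_CONNECT, MUST_NOT_CONNECT):
        print(f"{client}: {issue} ({reason})")
```

Here the monitoring host sits inside the denied subnet, so the audit reports it as locked out even though the broader allowed mask covers it.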
Client Connection Policies
For a more fine-grained approach, restrict access by configuring a new client connection policy. Then, create a new connection criteria object and associate it with the connection policy. A connection criteria object defines a set of criteria for grouping and describing client connections based on several properties, including the protocol, client address, connection security, and authentication state for the connection. Each client connection policy can be associated with zero or more connection criteria. Server components can use connection criteria to indicate which connections to process and what kind of processing to perform, such as selecting connections and operations for filtered logging or classifying connections for network groups.