Erwann Abalea wrote:
Can't SNI support be added?
Perhaps. It depends on which version of TLS library is being used.
-- Erwann.

On 14 Jan 2012 13:08, "Howard Chu" <h...@symas.com> wrote:
>
> Ronie Gilberto Henrich wrote:
>>
>> Hello,
>>
>> I need to be able to restrict ldap ou's access based on the ldaps://FQDN used to query the ldap server.
>> Let's say I have the following in my ldap server:
>> ou=domain
>> ou=raincoatcompany.com
>> ou=umbrellacompany.com
>>
>> Considering that both ldap.raincoatcompany.com and ldap.umbrellacompany.com are resolving to IP address 10.0.0.10
>> So, querying the ldap server using ldaps://ldap.raincoatcompany.com/ou=domain should grant access only to the following:
>> ou=domain
>> ou=raincoatcompany.com
>> Is there any way to accomplish that with OpenLDAP?
>
> Not possible. slapd only sees the IP address of the incoming connection, it has no way to know what DNS name was used to resolve to that address.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/