Defining Access From A Specific Ip Address; Defining Access From A Specific Domain - Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual

Bind Rules

Defining Access From a Specific IP Address

Using bind rules, you can indicate that the bind operation must originate from a
specific IP address. This is often used to force all directory updates to occur from a
given machine or network domain.
The LDIF syntax for setting a bind rule based on an IP address is as follows:
ip = "IP_address" or ip != "IP_address"
The IP address must be expressed in dot notation.You can use the wildcard
character (*) to include multiple machines. For example, the following string is
valid:
ip = "12.123.1.*";
The bind rule is evaluated to be true if the client accessing the directory is located at
the named IP address. This can be useful for allowing certain kinds of directory
access only from a specific subnet or machine.
For example, you could use a wildcard IP address such as 12.3.45.* to specify a
specific subnetwork or 123.45.6.*+255.255.255.115 to specify a subnetwork mask.
From the Server Console, you can define specific machines to which the ACI
applies through the Access Control Editor. For more information, see "Creating
ACIs From the Console," on page 229.

Defining Access from a Specific Domain

A bind rule can specify that the bind operation must originate from a particular
domain or host machine. This is often used to force all directory updates to occur
from a given machine or network domain.
The LDIF syntax for setting a bind rule based on the DNS host name is as follows:
dns = "DNS_Hostname" or dns != "DNS_Hostname"
CAUTION
224 Netscape Directory Server Administrator's Guide • August 2002
The keyword requires that the naming service used on your
dns
machine is DNS. If the name service is not DNS, you should use the
keyword instead.
ip