LDAP ACL definition

Article ID: 138565


Products

Top Secret
Top Secret - LDAP

Issue/Introduction

CA LDAP Server for z/OS V15 is in use with the TSS security file as its backend.

The goal is to restrict access to a specified IP address so that all other access fails.

With the following ACL, access is not limited.

Apache Directory Studio was used to test the configuration.


database config
access to *
  by peername.exact="10\.13\.55\.155" manage
  by * none

Environment

Release : 15.0

Component : CA LDAP SERVER FOR Z/OS

Cause

The ACL definitions are invalid.

Resolution

The security checking is done within CA LDAP on the mainframe.
The following works:

access to *
  by peername.ip=aa\.bb\.cc\.dd dn.regex="tssacid=SDITS*" manage
  by peername.ip=xx\.yy\.zz\.tt dn.regex="tssacid=BIEKY*" manage
  by * none
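
To review which connections the working ACL above lets through, the following added example (not part of the original article and not CA's code) models its three "by" clauses in Python. It assumes OpenLDAP-style evaluation (first matching clause wins, both conditions in a clause must match, dn.regex is an unanchored, case-insensitive search); the IP addresses, DNs and the ANCHORED_ACL variant are constructed for illustration.

```python
import re

# Constructed stand-ins for the article's aa.bb.cc.dd / xx.yy.zz.tt placeholders
# (RFC 5737 documentation addresses); the DNs and o=example suffix are constructed too.
ACL = [  # (peername.ip, dn.regex, access), in the order written in the config
    ("192.0.2.10", r"tssacid=SDITS*", "manage"),
    ("192.0.2.20", r"tssacid=BIEKY*", "manage"),
    (None, None, "none"),  # by * none
]
# Hypothetical tighter variant: anchored at the start, full prefix required.
ANCHORED_ACL = [
    ("192.0.2.10", r"^tssacid=SDITS[^,]*,", "manage"),
    ("192.0.2.20", r"^tssacid=BIEKY[^,]*,", "manage"),
    (None, None, "none"),
]

def evaluate(peer_ip, bind_dn, acl=ACL):
    """Return the access of the first `by` clause whose conditions all match.

    Assumed semantics (OpenLDAP-style): clauses are tried in order, every
    <who> field within a clause must match, and dn.regex is an unanchored,
    case-insensitive search of the bind DN.
    """
    for ip, dn_pattern, access in acl:
        ip_ok = ip is None or ip == peer_ip
        dn_ok = dn_pattern is None or bool(
            bind_dn and re.search(dn_pattern, bind_dn, re.IGNORECASE))
        if ip_ok and dn_ok:
            return access
    return "none"  # nothing matched

if __name__ == "__main__":
    cases = [  # constructed (peer IP, bind DN) pairs
        ("192.0.2.10", "tssacid=SDITS01,o=example"),  # right host, right ACID
        ("192.0.2.99", "tssacid=SDITS01,o=example"),  # right ACID, wrong host
        ("192.0.2.10", "tssacid=BIEKY01,o=example"),  # host and ACID from different clauses
        ("192.0.2.10", "tssacid=SDIT99,o=example"),   # "S*" also matches zero S characters
        ("192.0.2.10", ""),                           # anonymous bind
    ]
    for ip, dn in cases:
        print(f"{ip:12} {dn or '<anonymous>':28} "
              f"as written={evaluate(ip, dn):7} anchored={evaluate(ip, dn, ANCHORED_ACL)}")
```

The fourth case shows that, under these assumptions, "tssacid=SDITS*" is a regular expression rather than a wildcard prefix, so it also matches ACIDs beginning with SDIT.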