Don Zoomik

Asked: 2019-03-15 23:57:53 +0800 CST2019-03-15 23:57:53 +0800 CST 2019-03-15 23:57:53 +0800 CST

Limit auth permission in in OpenLDAP proxy to Active Directory

Scenario: I need to publish internal Active Directory to SaaS platforms over public Internet. I'm going to use OpenLDAP to filter access. Access to OpenLDAP will be limited by firewall IP whitelist.

I've managed to configure OpenLDAP to only allow access to required objects (groups and accounts required to SaaS platform, only required attributes).

However I cannot figure out, if I can limit which account can authenticate to proxy. So far any account in Active Directory can bind. I don't fully trust the SaaS platforms and I'd like to limit possible password guess attacks via SaaS platforms. I've tried following syntax, but still anyone can bind:

access to dn.exact="objectDN"
  by * auth

access to *
  by * none

Is there a way to limit accounts allowed to authenticate?

Limit auth permission in in OpenLDAP proxy to Active Directory

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Limit auth permission in in OpenLDAP proxy to Active Directory

0 Answers