Project

General

Profile

Bug #646

restrict LDAP service accounts

Added by Marc Dequènes about 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Marc Dequènes
Category:
Service :: IS / AAA / PKI
Start date:
2019-04-21
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
restrict_ldap_service_accounts_646
Entity:
DuckCorp
Security:
Yes
Help Needed:

Description

  • check if only necessary fields are readable
  • limit which IP can auth with these accounts

History

#1

Updated by Marc Dequènes about 4 years ago

  • Status changed from New to In Progress
  • Assignee set to Marc Dequènes
#2

Updated by Marc Dequènes about 4 years ago

  • % Done changed from 0 to 10
  • Branch set to restrict_ldap_service_accounts_646

Unfortunately LDAP IP restrictions do not understand CIDR notation, so I need to convert into <address>%<netmask>.

There is a bug with ipaddr('address') I need to report.

#3

Updated by Marc Dequènes over 3 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 10 to 100

Pilou is kindly taking care of the Ansible bug; I just added a quick workaround.

Also available in: Atom PDF