Project

General

Profile

Bug #646

restrict LDAP service accounts

Added by Marc Dequènes 5 months ago. Updated 5 months ago.

Status:
In Progress
Priority:
Urgent
Category:
Service :: IS / AAA / PKI
Start date:
2019-04-21
Due date:
% Done:

10%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
restrict_ldap_service_accounts_646
Entity:
DuckCorp
Security:
Yes
Help Needed:

Description

  • check if only necessary fields are readable
  • limit which IP can auth with these accounts

History

#1

Updated by Marc Dequènes 5 months ago

  • Status changed from New to In Progress
  • Assignee set to Marc Dequènes
#2

Updated by Marc Dequènes 5 months ago

  • % Done changed from 0 to 10
  • Branch set to restrict_ldap_service_accounts_646

Unfortunately LDAP IP restrictions do not understand CIDR notation, so I need to convert into <address>%<netmask>.

There is a bug with ipaddr('address') I need to report.

Also available in: Atom PDF