Koozali.org: home of the SME Server

LDAP Access Control

thomas_chan

LDAP Access Control
« on: April 29, 2005, 04:11:24 PM »
Can anyone advise how to force the user to log in to SMEServer (valid login id & password) prior to connecting to the LDAP directory?

I have created a global address book in the LDAP directory, but anyone can access it with an anonymous login.

I have tested OK just by keying in the proper base name using MS Outlook and Thunderbird, without being required to log in to the system.

I need this global address book to be accessible by Horde Web mail as well, so I cannot restrict the network mask to access this LDAP global address book.

Please advise, or are there any other hints recommended?

hmuhammad

LDAP Access Control
« Reply #1 on: April 29, 2005, 09:47:41 PM »
The following configuration will...
a) allow webmail access to the global directory from either the internal or public internet (restricted to valid users, who have to first provide a valid userid/password to log on to access webmail)
b) allow Thunderbird and Outlook access to the global directory for local users (who are on the internal network, with or without a validated logon)
c) disallow external access from the public internet

...the configuration is: from the server-manager->Configuration->Directory panel, set LDAP directory access to 'Allow access only from local network'

Additionally, if you want to allow Thunderbird and Outlook access from the internet, but only to valid users, then one solution is for users to access the internal network using a VPN connection (and don't change the above configuration).

thomas_chan

LDAP Access Control
« Reply #2 on: April 30, 2005, 05:05:21 AM »
Thank you very much for your advice!!

On the other hand, may I know how to configure this if I wish to allow the Local Network plus another office network (i.e. to specify another IP address range)? Is it possible to edit the config file directly? Do you know which config file is involved? Please advise.

hmuhammad

LDAP Access Control
« Reply #4 on: April 30, 2005, 12:14:11 PM »
From server-manager->Security->Local networks: Add Network