My Oracle Support Banner

ODSEE - How to Completely Block All Connections and/or Queries From All But a Specific DN (Doc ID 2210499.1)

Last updated on DECEMBER 05, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.7.3 and later
Information in this document applies to any platform.

Goal


To completely block queries to DSEE

What is the best way to block all connections / queries to DSEE service?

Want to block anyone from querying the LDAP server.

1) Will the ACI below block the admin account?

aci: (target = ldap:///o=<SUFFIX_DN>) (targetscope = subtree) (targetattr="*") (version 3.0; acl "Block All"; deny (all, import, export, proxy) (userdn = "ldap:///anyone") ;)

2) When there are a large amount of ACIs configured which have deny / allow to specific accounts, IP, etc., will the above rule supersede all the other rules?

3) Also to block everyone but a specific DN, what is the method to do that?

Is there another method for it?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.