Thank you for the reply.

Please take a look at https://fedorahosted.org/389/ticket/49036

I tried to be descriptive, explaining an environment from a point of view. It might help me explain better.

By Users, I'm referring to End Users who can use applications - those they are permitted to. And I should say that an application checks a user's authentication credentials by binding to the directory using them.

The expected behaviour is that there is a mechanism where I could place a Rule that userA (the DN corresponding to End UserA) can bind to the directory only from App1 and not App2 (based on his manager's request).

I think that mechanism must be an ACI-like behaviour in which the bind operation (initiated by an application software, say App1) for a user (the User DN corresponding to, say, UserA) could be controlled by IP (if UserA is allowed to use App1, App1 (from IP1) can bind using the UserDN of UserA), and if not, it should be defined as a Deny Rule.

Moreover, having that mechanism, like what is doable in directory ACI on other operations (read, write, search, ...), we could expect more mature constraints, e.g. time, a certain user attribute, etc.

Please let me know what sort of other details could help, or what I can explain.

BR
--
Mehdi Sarmadi
Senior Technical Solutions Engineer
Aris System

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx