4.14.3. Configuring policies for LDAP requests

Changing the default behavior of requests can be done using the hash attribute request. The hash is indexed by the request name. The possible values of these hashes are shown in the tables below. See Section 2.1, Policies for requests and responses for details.

ActionDescription
LDAP_REQ_ACCEPT Allow the request to pass.
LDAP_REQ_REJECT Reject the request.
LDAP_REQ_ABORT Terminate the connection.

Table 4.39.  Action codes for LP requests

Example 4.28. Example of the commands usage

In the following example the Ldap proxy allows only BindRequest, UnbindRequest, SearchRequest and CompareRequest requests.

def config(self):
        AbstractLdapProxy.config(self)
        self.request["BindRequest"]     = LDAP_REQ_ACCEPT
        self.request["UnbindRequest"]   = LDAP_REQ_ACCEPT
        self.request["SearchRequest"]   = LDAP_REQ_ACCEPT
        self.request["CompareRequest"]  = LDAP_REQ_ACCEPT
        self.request["*"]               = LDAP_REQ_REJECT