User restrictions
You can restrict access using address or time restrictions.
User address restrictions
Administrators can place network address restrictions on a directory user account, and these restrictions are enforced by the directory server. Refer to the directory service documentation for details on the enforcement of address restrictions on LDAP clients, such as a user logging in to a LOM device.
Network address restrictions placed on the user in the directory might not be enforced in the expected manner if the directory user logs in through a proxy server. When a user logs in to a LOM device as a directory user, the LOM device attempts authentication to the directory as that user, which means that address restrictions placed on the user account apply when accessing the LOM device. However, because the user is proxied at the LOM device, the network address of the authentication attempt is that of the LOM device, not that of the client workstation.
IP address range restrictions
IP address range restrictions enable the administrator to specify network addresses that are granted or denied access by the restriction. The address range is typically specified in a
IP address and subnet mask restrictions
IP address and subnet mask restrictions enable the administrator to specify a range of addresses that are granted or denied access by the restriction. This format has similar capabilities as an IP address range but might be more native to your networking environment. An IP address and subnet mask range is typically specified using a subnet address and address bit mask that identifies addresses that are on the same logical network.
In binary math, if the bits of a client machine address, added with the bits of the subnet mask, match the restriction subnet address, then the client machine meets the restriction.
DNS restrictions can cause some ambiguity because a host can be
Using
How user time restrictions are enforced
Administrators can place a time restriction on directory user accounts. Time restrictions limit the ability of the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time at