Using bind rules, you can indicate that the bind operation must originate from a specific IP address. This is often used to force all directory updates to occur from a given machine or network domain.
The LDIF syntax for setting a bind rule based on an IP address is shown in the following examples:
ip = "IPaddressList" ip != "IPaddressList"
The IPaddressList is a list of one or more comma-separated elements from among any of the following:
A specific IPv4 address, such as 188.8.131.52
An IPv4/CIDR-compliant address, such as 192.168.0.0/16
An IPv4 address with wildcards to specify a subnetwork, such as 12.3.45.*
An IPv4 address or subnetwork with a subnetwork mask, such as 123.45.6.*+255.255.255.192
An IPv6 address with a subnet prefix length, such as ldap://[12AB::CD30:0:0:0:0]/60
The bind rule is evaluated to be true if the client accessing the directory is located at the named IP address. This can be useful for allowing certain kinds of directory access only from a specific subnet or machine. Note that the IP address from which a user authenticates can be spoofed, and can therefore not be trusted. Do not base ACIs on this information alone.