Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

3

How to put an IP address based limit to authentication of users?

By
Ahmet Altinisik
on 2/13/13, 6:21 AM 3,861 views

I would like to put some IP restrictions on login so some users can only connect from their designated workstations. How can I achieve this?

AFAIK there is no such control mechanism in openERP, can I achieve this by moving authentication to the another entity like LDAP or OpenID ?

Regards,

1
Geoff Galik
On 2/24/13, 4:39 AM
Still Can't Post Hyperlinks (*grrrrrrr). Please edit as per inline pseudocode.

You're machine's firewall(s) is where policies are enforced concerning the handling of network packets, including connection specific access restrictions for IP ranges. Setting rules like allowing/denying service based on the source's IP address is, in fact, the purpose of a firewall.

If you're running a Linux-based system you can configure the kernel's firewall with iptables.

[href="help.ubuntu.com/community/Iptables"]HowToUbuntu's guide on iptables.[/href] Even though it's from Ubuntu, this guide should be relevant to any Linux system.

[href="serverfault.com/questions/30026/whitelist-allowed-ips-in-out-using-iptables"]Advice specific to allowing ip's[/href]

[href="serverfault.com/questions/248384/allow-iptables-to-allow-ip-range-only-on-specifc-port"]Advice specific to allowing ip ranges for specific ports.[/href]

[href="wiki.debian.org/iptables"]Debian's guide on iptables[/href]. Also includes links for a few less technical tools.

If you are running a *nix system, you also may be able to accomplish what you're trying to do by adding entries in the 'hosts.allow' and 'hosts.deny' files respectively (if OpenERP supports it); I would still recommend using your firewall (see [href="https://bbs.archlinux.org/viewtopic.php?id=77481"]this link[/href].

I want to add IP restrictions on login so some users can only connect from their designated workstations. So If I put restrictions in firewall level no one will be able to login from that machine.

Altınkaya Elektronik Cihaz Kutuları imalat Ticaret ltd sti, Ahmet Altinisik
on 2/24/13, 5:05 PM

What OS are you running?

Geoff Galik
on 2/24/13, 11:21 PM

sudo apt-get install firestarter && sudo firestarter, then go through wizard. After wizard is done, go to 'Policy' tab and create new.

Geoff Galik
on 2/25/13, 5:54 PM

Geoff firewall cannot solve my problem. I want to limit connection based on users and ip.

Altınkaya Elektronik Cihaz Kutuları imalat Ticaret ltd sti, Ahmet Altinisik
on 2/27/13, 3:18 PM

Set up a reverse proxy. It'll require two levels of authentication but Nginx or Apache should do it: http://serverfault.com/questions/311710/how-to-act-differently-according-to-the-ip-address-with-nginx

Geoff Galik
on 3/1/13, 11:45 PM

http://stackoverflow.com/questions/3828971/apache-authentification-letting-users-from-x-ip-address-in-without-required-pa

Geoff Galik
on 3/1/13, 11:49 PM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 2/13/13, 6:21 AM
Seen: 3861 times
Last updated: 12/18/15, 4:49 AM