
Linux Client authentication, access question



I currently have an OpenLDAP server, v2.0.27, installed on RedHat 9, with SASL/TLS authentication to a Kerberos database. I would like to use this as my Linux authentication source. I am able to do this with the following ACLs:

access to attr=gecos
      by dn="cn=manager,dc=my,dc=realm" write
      by dn="uid=ldapadm.+\+(realm=ITS\.MY\.REALM)" write
      by self write
      by * read

access to attr=userPassword
      by dn="cn=manager,dc=my,dc=realm" write
      by dn="uid=ldapadm.+\+(realm=ITS\.MY\.REALM)" write
      by self read
      by anonymous auth

access to attr=homeDirectory,loginShell,host
      by dn="cn=manager,dc=my,dc=realm" write
      by dn="uid=ldapadm.+\+(realm=ITS\.MY\.REALM)" write
      by self read
      by * read

I would like to restrict read access to the posix information. But when I remove the "by * read" line, the Linux boxes are not able to connect. I have tried the following and none appear to work. Could someone help me with the syntax?

by peername="linuxclient.my.realm" read
by peername=555.555.555.555 read
by peername="ip=555.555.555.555" read
by peername="^IP=555\.555\.555\.555*" read

Or is there another method for these Linux boxes to connect? I have tried changing the binddn to manager - but am uncomfortable placing my manager password in so many locations. Possibly proxy access? How would I set that up - I haven't been able to find any good documentation.

Thank you in advance.

--
Karen R. McArthur, Systems Administrator
Bates College, Information and Library Services
Lewiston, Maine 04240
(207) 786-8236 fax:(207) 786-6057
kmcarthu@bates.edu
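Added example, not part of the original post: a small offline check of how the "by peername=..." patterns tried above would be evaluated. It assumes the peer string slapd 2.0 hands its ACL engine for a TCP client has the form "IP=<addr>:<port>" (as documented in slapd.access(5) for that release), that the value is a regular expression searched against that string, and uses Python's re module as a stand-in for the POSIX regex slapd uses; the addresses are constructed, not from the post. The point it makes is that an unanchored or trailing-* pattern also grants access to other hosts, while a pattern anchored on both the address and the ":port" delimiter does not.

```python
import re

# Constructed sample peer strings (assumption: slapd 2.0 presents
# "IP=<addr>:<port>" for TCP clients to the ACL engine).
CLIENT = "IP=192.0.2.10:34821"       # the intended Linux client
NEIGHBOUR = "IP=192.0.2.100:34821"   # a different host on the same subnet

# The forms tried in the post (with a constructed address) plus one
# anchored pattern that pins both the address and the ':port' delimiter.
PATTERNS = {
    "hostname": r"linuxclient.my.realm",   # hostnames never appear in the peer string
    "bare_ip":  r"192.0.2.10",             # unanchored: also a prefix of 192.0.2.100
    "lower_ip": r"ip=192.0.2.10",          # case-sensitive: 'ip=' never matches 'IP='
    "prefix":   r"^IP=192\.0\.2\.10*",     # '0*' means zero or more zeros, not "and anything"
    "anchored": r"^IP=192\.0\.2\.10:",     # exact address followed by the port separator
}


def peername_matches(pattern: str, peername: str) -> bool:
    """Mimic the 'by peername=<regex>' test: the value is a regex searched
    against the peer string, case-sensitively, and unanchored unless the
    pattern anchors itself."""
    return re.search(pattern, peername) is not None


def evaluate(peername: str) -> dict:
    """Return, per candidate pattern, whether that clause would apply to the peer."""
    return {name: peername_matches(p, peername) for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for peer in (CLIENT, NEIGHBOUR):
        print(peer, evaluate(peer))
```

Run it against the real addresses before putting a pattern into slapd.conf; any pattern that is True for NEIGHBOUR grants more than intended.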

