
adding access location and method to an ACL



   I have this ACL in place at the moment and have TLS and ldapi working.

access to attr=userPassword
 by self write
 by anonymous auth
 by * none

access to attr=sambaNTPassword
 by self write
 by anonymous auth
 by * none

access to attr=sambaLMPassword
 by self write
 by anonymous auth
 by * none

access to *
 by * read


Now I need to add some additional controls.
(1) I want local access via the socket /var/run/slapd/ldapi with no encryption required.
(2) I want access from hosts in a private subnet to be the same, no encryption required, say from 172.19.1.0/27.
(3) I want access from hosts in several public subnets but require encryption, say 172.19.2.0/23, 172.19.6.0/22, and 172.19.11.0/24.
(4) I want access from everywhere else to be denied.



I've read slapd.access and see sockname, sockurl, peer, ssf_tls, ssf_transport and lots of other options that look like they can be combined to accomplish this. I've searched Google, this list, and the FAQ-O-Matic for examples but still don't have much idea how to get started.


   Any assistance would be appreciated.

Thanks,

Jason Joines
=================================
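
For requirements (2) to (4), the subnets listed in the post can be turned into the peername.ip=<ip>%<mask> and ssf=<n> who-fields documented in slapd.access(5). The script below is an added example, not part of the original post. It assumes a minimum SSF of 128, uses hypothetical function names, and generates only the catch-all "access to *" rule; the ldapi socket case (1) is not covered.

```python
import ipaddress

MIN_SSF = 128  # assumed minimum security strength factor; not from the post

# (subnet, encryption required) pairs as given in the post
SUBNETS = [
    ("172.19.1.0/27", False),   # private subnet, no encryption required
    ("172.19.2.0/23", True),    # public subnets, encryption required
    ("172.19.6.0/22", True),
    ("172.19.11.0/24", True),
]

def by_clause(cidr, need_encryption, access="read"):
    """Return (by-clause, warning) for one subnet in <ip>%<mask> form."""
    net = ipaddress.ip_network(cidr, strict=False)
    warning = None
    if str(net) != cidr:
        # The address is not on a boundary of its own prefix length.
        warning = f"{cidr} has host bits set; the mask covers {net}"
    who = f"peername.ip={net.network_address}%{net.netmask}"
    if need_encryption:
        who += f" ssf={MIN_SSF}"
    return f" by {who} {access}", warning

def render_acl(subnets=SUBNETS):
    """Build the catch-all rule: listed subnets may read, all else is denied."""
    lines, warnings = ["access to *"], []
    for cidr, need_encryption in subnets:
        clause, warning = by_clause(cidr, need_encryption)
        lines.append(clause)
        if warning:
            warnings.append(warning)
    lines.append(" by * none")  # requirement (4): deny everywhere else
    return lines, warnings

if __name__ == "__main__":
    acl, notes = render_acl()
    print("\n".join(acl))
    for note in notes:
        print("# warning:", note)
```

The warning fires for 172.19.6.0/22, which is not aligned to a /22 boundary, so the generated mask covers 172.19.4.0 through 172.19.7.255.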