
Re: ACLs with ip control



Quoting Aaron Richton <richton@nbcs.rutgers.edu>:

I also run "slaptest -d acl" and it does not mention any error on this line. However, I have a warning "warning: cannot assess the validity of the ACLscope within backend naming context" on line "by * none". Do you know what the reason is?
All your statements in your first message are "access to *" either implicitly or explicitly. Outside of the root, "*" might not match everything that you'd think it from a casual reading. So if you have (for instance) those statements under a "suffix dc=femto-st,dc=org", slapd is warning you that "access to dn.subtree="dc=femto-st,dc=org"" might be a lot more intuitive to a quick read.

I set up "by anonymous peername.ip=10.0.0.253 read" as I saw it in the OpenLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). The ANDed setup seems to be allowed.
OK, if that's valid syntax, then try slapd -d acl and see what's actually happening?


Hello.

When I start slapd with slapd -d acl, the server starts normally, even if there are warning messages. The ending message is "slapd starting".

Emmanuel
