[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL tricks

To: <openldap-software@OpenLDAP.org>
Subject: ACL tricks
From: "Paul Makepeace" <Paul.Makepeace@realprogrammers.com>
Date: Fri, 16 Apr 1999 14:31:08 -0500

Is it possible to restrict (for example) writes to a specific DN coming from
a specific IP from slapd alone?

Currently there is a tremendous hack of cascading negating regexes like:

access          to *
                by addr="^1[^6].*" read
                by addr="^16[^3].*" read
                by addr="^163\.[^1].*" read
                by addr="^163\.1[^8].*" read
                by addr="^163\.18[^5].*" read
                by addr="^163\.185\.[^1].*" read
                by addr="^163\.185\.1[^8].*" read
                by addr="^163\.185\.18\.[^2].*" read
                by addr="^163\.185\.18\.2[^3].*" read
                by addr="^163\.185\.18\.23[^0]" read
                by dn="cn=LDAP Replication  100000,ou=role,o=SLB,c=AN" write

This is basically implementing a negated match which seems would be a useful
additional generally to the ACL. I didn't see an obvious way to do this from
the Admin. Guide.

Paul

Prev by Date: Little performance remark & question.
Next by Date: Open LDAP installation on Solaris 2.6 (SPARC)
Index(es):
- Chronological
- Thread