[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: allowing anonymous binds from a specific machine

To: openldap-software@OpenLDAP.org, vegard@svanberg.no
Subject: Re: allowing anonymous binds from a specific machine
From: John Dalbec <jpdalbec@cc.ysu.edu>
Date: Wed, 19 Dec 2001 15:41:07 -0500
Organization: Youngstown State University
References: <3C20F12F.C3DAFD4A@cc.ysu.edu>

OK, I thought I was having success but then (at least on the LDAP server) things
started to break and I had to revert to universal read access.  I'm running
nss_ldap and nscd.  I wonder whether they might communicate over UNIX sockets. 
Is there a peername setting for UNIX sockets?
Thanks,
John Dalbec

John Dalbec wrote:
> 
> I have a group of 3 machines with a single LDAP server.  I needed to restrict
> access from outside but allow anonymous binds from within the group.  I had
> success with
> access to *
> ...
>         by * peername = "IP:127\.0\.0\.1" read
>         by * peername = "IP:xxx\.yyy\.zzz\.aa[123]" read
> ...
> The "*" before peername is required!

Follow-Ups:
- Replication and branching
  - From: Hans Zaunere <hz11@nyu.edu>
- Re: allowing anonymous binds from a specific machine
  - From: Jan-Michael Ong <jmong@adobe.com>

References:
- allowing anonymous binds from a specific machine
  - From: John Dalbec <jpdalbec@cc.ysu.edu>

Prev by Date: Re: how to tell version?
Next by Date: Replication and branching
Index(es):
- Chronological
- Thread