Re: allowing anonymous binds from a specific machine

OK, I thought I was having success but then (at least on the LDAP server) things
started to break and I had to revert to universal read access.  I'm running
nss_ldap and nscd.  I wonder whether they might communicate over UNIX sockets. 
Is there a peername setting for UNIX sockets?
John Dalbec

John Dalbec wrote:
> I have a group of 3 machines with a single LDAP server.  I needed to restrict
> access from outside but allow anonymous binds from within the group.  I had
> success with
> access to *
> ...
>         by * peername = "IP:127\.0\.0\.1" read
>         by * peername = "IP:xxx\.yyy\.zzz\.aa[123]" read
> ...
> The "*" before peername is required!
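The first-match peername check the quoted rules rely on, as an added example that is not part of this thread: a small Python model of how slapd walks the posted `by` clauses, which shows why a UNIX-socket client falls through them. It assumes slapd compares each peername regex with an unanchored search (so patterns should be anchored) and that an ldapi connection presents a PATH-style peername rather than an IP one (the exact form is assumed here); 192.0.2.0/24 is a constructed stand-in for the redacted xxx.yyy.zzz.

```python
import re

# 'by' clauses in slapd.conf order: (peername regex, access granted).
# Patterns follow the post; 192.0.2.0/24 stands in for xxx.yyy.zzz
# and hosts .11/.12/.13 for the aa[123] group (constructed values).
ACL_UNANCHORED = [
    (r"IP:127\.0\.0\.1", "read"),
    (r"IP:192\.0\.2\.1[123]", "read"),
]

# Same rules anchored to the whole "IP:<addr>:<port>" peername, so a
# host such as 192.0.2.120 no longer matches by prefix.
ACL_ANCHORED = [
    (r"^IP:127\.0\.0\.1:[0-9]+$", "read"),
    (r"^IP:192\.0\.2\.1[123]:[0-9]+$", "read"),
]

# Assumed form of the peername for a client on the ldapi UNIX socket;
# it contains no "IP:" prefix, so neither rule set grants it anything.
LDAPI_PEERNAME = "PATH:/var/run/ldapi"


def evaluate(acl, peername):
    """Return the access the first matching clause grants, else 'none'.

    re.search models slapd's unanchored regex comparison; an unmatched
    peername falls to the implicit trailing "by * none".
    """
    for pattern, access in acl:
        if re.search(pattern, peername):
            return access
    return "none"


if __name__ == "__main__":
    # Constructed peernames: in-group host, prefix-collision host,
    # loopback, an outside host, and the UNIX-socket client.
    for peer in ("IP:192.0.2.12:40001", "IP:192.0.2.120:40001",
                 "IP:127.0.0.1:33000", "IP:10.0.0.5:1234", LDAPI_PEERNAME):
        print(f"{peer:24} unanchored={evaluate(ACL_UNANCHORED, peer):5}"
              f" anchored={evaluate(ACL_ANCHORED, peer)}")
```

The PATH peername gets `none` under both rule sets, which matches the symptom of local nss_ldap lookups breaking once universal read access is removed.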