Re: allowing anonymous binds from a specific machine
OK, I thought I was having success but then (at least on the LDAP server) things
started to break and I had to revert to universal read access. I'm running
nss_ldap and nscd. I wonder whether they might communicate over UNIX sockets.
Is there a peername setting for UNIX sockets?
John Dalbec wrote:
> I have a group of 3 machines with a single LDAP server. I needed to restrict
> access from outside but allow anonymous binds from within the group. I had
> success with
> access to *
> by * peername = "IP:127\.0\.0\.1" read
> by * peername = "IP:xxx\.yyy\.zzz\.aa" read
> The "*" before peername is required!
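
An added example, not part of the original messages or of OpenLDAP's own code: it runs constructed peername strings against the quoted patterns to show that an unanchored regex also admits addresses that merely begin with the allowed one, next to an anchored form that does not. The `IP:<address>:<port>` string format, unanchored matching (modelled here with Python's `re.search`), and the 192.0.2.12 stand-in for the elided address are assumptions.

```python
import re

# Patterns as written in the quoted ACL. 192\.0\.2\.12 is a constructed
# stand-in (documentation range) for the elided second address.
PAGE_PATTERNS = [
    r"IP:127\.0\.0\.1",
    r"IP:192\.0\.2\.12",
]

# Same addresses, anchored at both ends; the optional group accepts the
# ":<port>" suffix assumed to follow the address in the peername string.
ANCHORED_PATTERNS = [
    r"^IP:127\.0\.0\.1(:[0-9]+)?$",
    r"^IP:192\.0\.2\.12(:[0-9]+)?$",
]

# Constructed peername strings, assumed format "IP:<address>:<port>".
SAMPLES = [
    "IP:127.0.0.1:40112",    # loopback client
    "IP:192.0.2.12:51544",   # intended group member
    "IP:192.0.2.123:51544",  # different host sharing the textual prefix
    "IP:192.0.2.120:51544",  # another host sharing the prefix
    "IP:198.51.100.7:33001", # unrelated host
]


def allowed(peername, patterns):
    """True if any pattern matches anywhere in the peername (unanchored search)."""
    return any(re.search(p, peername, re.IGNORECASE) for p in patterns)


def audit(samples):
    """Return (peername, allowed_by_page_patterns, allowed_by_anchored) tuples."""
    return [
        (s, allowed(s, PAGE_PATTERNS), allowed(s, ANCHORED_PATTERNS))
        for s in samples
    ]


if __name__ == "__main__":
    for peer, loose, strict in audit(SAMPLES):
        flag = "  <-- admitted only by the unanchored pattern" if loose != strict else ""
        print(f"{peer:24} page={loose!s:5} anchored={strict!s:5}{flag}")
```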