Re: allowing anonymous binds from a specific machine

It seems my searching of the archives was insufficiently thorough.  I needed to
use peername="IP=..." instead of peername="IP:...".  It dawned on me that this
might be the case after seeing "IP=..." in the local4.debug messages.  Did the
colon notation work at one time?  Is the '*' optional?
John Dalbec

John Dalbec wrote:
> I have a group of 3 machines with a single LDAP server.  I needed to restrict
> access from outside but allow anonymous binds from within the group.  I had
> success with
> access to *
> ...
>         by * peername = "IP:127\.0\.0\.1" read
>         by * peername = "IP:xxx\.yyy\.zzz\.aa[123]" read
> ...
> The "*" before peername is required!
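
The "IP:" versus "IP=" difference described in this message can be checked offline; the following is an added example, not part of the original post or of OpenLDAP, and it generalizes slightly by also comparing an unanchored pattern with an anchored one. Assumptions: the peername string has the form "IP=<address>:<port>", slapd searches for the pattern anywhere in that string, Python's `re` stands in for slapd's regex engine, and 192.0.2.1[123] stands in for the masked xxx.yyy.zzz.aa[123].

```python
import re

# Constructed peername strings in the assumed "IP=<address>:<port>" form
# (the post itself only shows that the logged string starts with "IP=").
SAMPLE_PEERS = [
    "IP=127.0.0.1:40112",     # local client
    "IP=192.0.2.11:51514",    # group member (documentation address range)
    "IP=192.0.2.13:51515",    # group member
    "IP=192.0.2.110:51516",   # outside the group, shares a textual prefix
    "IP=198.51.100.7:38000",  # unrelated outside host
]

# Candidate ACL patterns; the names are hypothetical labels for this example.
PATTERNS = {
    "colon":    r"IP:192\.0\.2\.1[123]",           # notation from the quoted post
    "equals":   r"IP=192\.0\.2\.1[123]",           # notation that matched the logs
    "anchored": r"^IP=192\.0\.2\.1[123]:[0-9]+$",  # pins the end of the address
}

def matching_peers(pattern, peers=SAMPLE_PEERS):
    """Return the peers a pattern admits, using an unanchored,
    case-insensitive search (assumed to mirror slapd's matching)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [p for p in peers if rx.search(p)]

def audit(patterns=PATTERNS, peers=SAMPLE_PEERS):
    """Map each pattern label to the list of peers it would admit."""
    return {name: matching_peers(rx, peers) for name, rx in patterns.items()}

if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:9} {PATTERNS[name]:32} -> {hits}")
```

On these samples the colon form admits nothing, and the unanchored "IP=" form also admits 192.0.2.110, because the pattern is satisfied by a prefix of that address.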