[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: allowing anonymous binds from a specific machine

To: openldap-software@OpenLDAP.org, vegard@svanberg.no
Subject: Re: allowing anonymous binds from a specific machine
From: John Dalbec <jpdalbec@cc.ysu.edu>
Date: Wed, 19 Dec 2001 16:30:06 -0500
Organization: Youngstown State University
References: <3C20F12F.C3DAFD4A@cc.ysu.edu>

It seems my searching of the archives was insufficiently thorough.  I needed to
use peername="IP=..." instead of peername="IP:...".  It dawned on me that this
might be the case after seeing "IP=..." in the local4.debug messages.  Did the
colon notation work at one time?  Is the '*' optional?
Thanks,
John Dalbec

John Dalbec wrote:
> 
> I have a group of 3 machines with a single LDAP server.  I needed to restrict
> access from outside but allow anonymous binds from within the group.  I had
> success with
> access to *
> ...
>         by * peername = "IP:127\.0\.0\.1" read
>         by * peername = "IP:xxx\.yyy\.zzz\.aa[123]" read
> ...
> The "*" before peername is required!

References:
- allowing anonymous binds from a specific machine
  - From: John Dalbec <jpdalbec@cc.ysu.edu>

Prev by Date: acl trouble
Next by Date: Re: allowing anonymous binds from a specific machine
Index(es):
- Chronological
- Thread