Re: allowing anonymous binds from a specific machine
I've done the following before and that worked for me
access to *
by peername="ip:xxx\.yyy\.zzz\.zz:*" read
Try that and see if it works. The format for most binds is (at least from
what I can see in the logs):
Dec 19 02:10:42 myserver slapd: daemon: conn=0 fd=10 connection from
IP=126.96.36.199:23833 (IP=0.0.0.0:0) accepted.
Notice the socket number? So I think that should work.
At 03:41 PM 12/19/2001 -0500, you wrote:
OK, I thought I was having success, but then things started to break (at least on
the LDAP server) and I had to revert to universal read access. I'm running
nss_ldap and nscd. I wonder whether they might communicate over UNIX
Is there a peername setting for UNIX sockets?
John Dalbec wrote:
> I have a group of 3 machines with a single LDAP server. I needed to
> access from outside but allow anonymous binds from within the group. I had
> success with
> access to *
> by * peername = "IP:127\.0\.0\.1" read
> by * peername = "IP:xxx\.yyy\.zzz\.aa" read
> The "*" before peername is required!
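The thread turns on one detail: the regex in a `peername=` who-clause is matched against the peername string slapd builds for the connection, which is the same string that appears in the `connection from IP=...:port` accept line in the log. The following is an added example, not code from either poster or from OpenLDAP: a small Python script that extracts those peername strings from slapd accept lines and emulates the ACL match so you can check a candidate regex offline before putting it in slapd.conf. It assumes (as with slapd's regex-style who-clauses) that the match is an unanchored, case-insensitive extended regex; the log lines, hostnames and addresses are constructed for the example.

```python
import re

# Constructed slapd accept lines in the format shown in the thread
# (hostname and addresses are made up; RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Dec 19 02:10:42 myserver slapd: daemon: conn=0 fd=10 connection from IP=192.0.2.10:23833 (IP=0.0.0.0:0) accepted.
Dec 19 02:11:05 myserver slapd: daemon: conn=1 fd=11 connection from IP=192.0.2.11:40122 (IP=0.0.0.0:0) accepted.
Dec 19 02:12:17 myserver slapd: daemon: conn=2 fd=12 connection from IP=198.51.100.7:51007 (IP=0.0.0.0:0) accepted.
Dec 19 02:12:40 myserver slapd: daemon: conn=3 fd=13 connection from IP=127.0.0.1:34567 (IP=0.0.0.0:0) accepted.
"""

# Pulls the connection id and the peername string ("IP=addr:port") out of an accept line.
ACCEPT_RE = re.compile(r"conn=(\d+) .*connection from (IP=[^ ]+) \(")


def parse_peernames(log_text):
    """Return [(conn_id, peername_string), ...] for every accept line in log_text."""
    found = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return found


def peername_matches(pattern, peername):
    """Emulate a who-clause peername=<regex>: unanchored, case-insensitive
    extended regex applied to the peername string (assumption, see lead-in)."""
    return re.search(pattern, peername, re.IGNORECASE) is not None


def evaluate_acl(allow_patterns, log_text):
    """For each logged connection, report 'read' if any pattern in allow_patterns
    matches its peername, else 'none' (the implicit default when no clause matches)."""
    result = {}
    for conn_id, peername in parse_peernames(log_text):
        granted = any(peername_matches(p, peername) for p in allow_patterns)
        result[conn_id] = "read" if granted else "none"
    return result


if __name__ == "__main__":
    # Anchored at the start and terminated with the ':' before the port, so
    # 192.0.2.1 cannot accidentally cover 192.0.2.10 or 192.0.2.11.
    allowed = [r"^IP=127\.0\.0\.1:", r"^IP=192\.0\.2\.(10|11):"]
    for conn_id, access in sorted(evaluate_acl(allowed, SAMPLE_LOG).items()):
        print("conn=%d -> %s" % (conn_id, access))
```

Two things the checks below make visible: an unanchored pattern such as `IP=192\.0\.2\.1` also matches `192.0.2.10` and `192.0.2.11`, so end the address part with `:` (the port separator) and anchor with `^`; and a pattern whose separator differs from the logged string (`:` where the log shows `=`) never matches, whatever the address is.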