[Date Prev][Date Next] [Chronological] [Thread] [Top]

binding anonymously when slave tries to replicate

Hello all,

A few weeks ago I posted a question regarding the following:

If the slave is sent an update, a referral is sent to the master which then propagates the changes. However, I noticed that all updates fail since the slave tries to update an entry on the master anonymously.

Unfortunately, I did not get a response but John Dalbec's recent post "allowing anonymous binds from a specific machine" got me thinking.

Would it be a good idea to let the master accept an anonymous bind just from the slave? If so how can I write the access rule to do this? I was thinking of the following. Could someone please correct me or offer some hints as to how they solved this problem.

access to *
   by * peername="ip address of the slave:*" write

I'm just afraid that this might be susceptible to IP spoofing and I will essentially be letting everyone write to the ldap server.

Any thoughts would be greatly appreciated.

Thanks in advance.