binding anonymously when slave tries to replicate
A few weeks ago I posted a question regarding the following:
If the slave is sent an update, a referral is sent to the master which then
propagates the changes. However, I noticed that all updates fail since the
slave tries to update an entry on the master anonymously.
Unfortunately, I did not get a response, but John Dalbec's recent post
"allowing anonymous binds from a specific machine" got me thinking.
Would it be a good idea to let the master accept an anonymous bind just
from the slave? If so, how can I write the access rule to do this? I was
thinking of the following. Could someone please correct me or offer some
hints as to how they solved this problem?
    access to *
        by * peername="ip address of the slave:*" write
I'm just afraid that this might be susceptible to IP spoofing and I will
essentially be letting everyone write to the LDAP server.
Any thoughts would be greatly appreciated.
Thanks in advance.
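
For comparison with the rule proposed above, an added slapd.conf example (not from the original post or from the OpenLDAP project) that sets the address-only rule beside one that ties write access to an authenticated bind DN and uses the peer address only as an extra restriction. The address 192.0.2.10, the DN cn=replicator,dc=example,dc=com and the availability of the `peername.ip` style in the installed slapd release are assumptions.

```conf
# --- Weak form: the source address is the only credential ---------------
# Any connection that appears to come from 192.0.2.10 (constructed example
# address) gets write access without binding, so every local user or
# process on that host, and anyone able to send traffic from that address,
# can modify the directory.
access to *
    by peername.ip=192.0.2.10 write

# --- Corrected form: write requires an authenticated identity -----------
# The hypothetical DN cn=replicator,dc=example,dc=com must bind
# successfully AND connect from 192.0.2.10. All conditions in a single
# "by" clause have to match, so the address check narrows where the
# credential can be used instead of replacing the credential.
# "by anonymous auth" lets unauthenticated connections perform a bind
# and nothing else.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" peername.ip=192.0.2.10 write
    by anonymous auth
```

With the corrected form, an anonymous update arriving at the master is rejected regardless of its source address, so the update has to be sent under a bind as the privileged DN.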