Re: IP based ACL

Craig Squires wrote:
> Just another datapoint on this issue:
>
> I've found using peername.regex was the only way I could get this to
> work. None of the "exact" samples I could find anywhere would match.
> We're using 2.2.4 here.
>
> Q: is there a performance hit for using .regex rather than an exact

yes: regex always works, exact doesn't in most cases.

> Q2: does anyone know what the exact match should be?

in most cases, unpredictable: you need to match the port the OS automatically assigns to your connection.

See http://www.openldap.org/lists/openldap-software/200401/msg00174.html
and related postings; see also
which has not been merged to HEAD yet, but it could, since
it's basically frozen right now.  If you think this is what
you need, holler, and you'll be the beta tester :)
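
An added illustration of the exact-versus-regex behaviour discussed in this message (not code from the thread or from OpenLDAP): it compares an exact peername pattern, a loose regex and an anchored regex against sample peer names. It assumes the peer name has the form `IP=<address>:<source port>` and uses Python's `re` with unanchored search as a stand-in for slapd's regex matching; all addresses and ports are constructed.

```python
import re

# Constructed sample peer names, assumed form "IP=<address>:<source port>".
PEERS = [
    "IP=192.168.1.10:33012",   # intended client, first connection
    "IP=192.168.1.10:51877",   # same client, later connection (new ephemeral port)
    "IP=192.168.1.101:40400",  # different host whose address shares a prefix
]

def exact_match(pattern, peer):
    """Exact style: the whole peer name, port included, must be identical."""
    return pattern == peer

def regex_match(pattern, peer):
    """Regex style: unanchored search, so the pattern may match a substring."""
    return re.search(pattern, peer) is not None

def matches(match_fn, pattern):
    """Return the sample peers that the given pattern would admit."""
    return [peer for peer in PEERS if match_fn(pattern, peer)]

# Exact pattern copied from one observed connection: tied to that source port.
EXACT = "IP=192.168.1.10:33012"
# Loose regex: unescaped dots and no anchors, so it also admits 192.168.1.101.
LOOSE = r"IP=192.168.1.10"
# Anchored regex: fixed address, any numeric port, nothing before or after.
STRICT = r"^IP=192\.168\.1\.10:[0-9]+$"

if __name__ == "__main__":
    for label, fn, pat in [("exact", exact_match, EXACT),
                           ("loose regex", regex_match, LOOSE),
                           ("anchored regex", regex_match, STRICT)]:
        print(f"{label:15} {pat!r:35} -> {matches(fn, pat)}")
```
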


