
ACL issues with peername



Hi everyone,

Since most of the client software we use here (Mac OSX Address Book on Panther) doesn't seem to support authenticated lookups, we're planning on just allowing anonymous address book lookups to the staff network (10.*.*.*). Everything I've read says that this should work:

access to dn.children="ou=people,dc=berklee,dc=edu" attrs=cn,sn,mail,givenName,telephoneNumber
    by users read
    by peername="10.*.*.*" read
    by * break


It doesn't. If I stick "by anonymous read" in there, it, of course, works fine.

The short log entry looks like this when I try to search:

Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 fd=12 ACCEPT from IP=10.40.15.2:49927 (IP=0.0.0.0:389)
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=0 BIND dn="" method=128
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=0 RESULT tag=97 err=0 text=
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SRCH base="ou=people,dc=berklee,dc=edu" scope=2 deref=0 filter="(| (givenName=sean*)(sn=sean*)(cn=sean*)(mail=sean*))"
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SRCH attr=givenName sn cn mail telephoneNumber facsimileTelephoneNumber o title ou buildingName street l st postalCode c jpegPhoto mobile co pager destinationIndicator labeledURI IMHandle
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=2 UNBIND
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 fd=12 closed


So, the IP seems, to me, correct, but I'm not sure what that IP in parentheses is.

Any thoughts?

Thanks!

Sean

-------
Sean Hussey
Web Database Specialist
Berklee College of Music
617-747-2926
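
Added example, not part of the original message: the log lines quoted above, parsed per connection so the values relevant to a peername rule are visible side by side. In the ACCEPT line the first IP= value is the client's address and port (the peername) and the value in parentheses is the listener address the connection arrived on (the sockname); the function names, dictionary keys and the 10.0.0.0/8 default are assumptions made for this example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: four of the log lines quoted in the message above.
SAMPLE = """\
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 fd=12 ACCEPT from IP=10.40.15.2:49927 (IP=0.0.0.0:389)
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=0 BIND dn="" method=128
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SRCH base="ou=people,dc=berklee,dc=edu" scope=2 deref=0 filter="(| (givenName=sean*)(sn=sean*)(cn=sean*)(mail=sean*))"
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from (IP=([\d.]+):\d+) \((IP=[\d.]+:\d+)\)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)"')
RESULT = re.compile(r"conn=(\d+) op=\d+ SEARCH RESULT .*nentries=(\d+)")


def summarize(log_text):
    """Return {conn_id: summary} built from slapd connection log lines."""
    conns = {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # peername is the full string slapd logs for the client side.
            conns[m[1]] = {"peername": m[2], "peer_ip": m[3], "sockname": m[4],
                           "bind_dn": None, "base": None, "nentries": None}
        elif (m := BIND.search(line)) and m[1] in conns:
            conns[m[1]]["bind_dn"] = m[2]          # "" means anonymous bind
        elif (m := SRCH.search(line)) and m[1] in conns:
            conns[m[1]]["base"] = m[2]
        elif (m := RESULT.search(line)) and m[1] in conns:
            conns[m[1]]["nentries"] = int(m[2])
    return conns


def empty_anonymous_searches(conns, network="10.0.0.0/8"):
    """Connection ids that bound anonymously from `network` and got 0 entries."""
    net = ip_network(network)
    return [cid for cid, c in conns.items()
            if c["bind_dn"] == "" and c["nentries"] == 0
            and ip_address(c["peer_ip"]) in net]


if __name__ == "__main__":
    for cid, info in summarize(SAMPLE).items():
        print(cid, info)
    print("anonymous, in-network, no entries:",
          empty_anonymous_searches(summarize(SAMPLE)))
```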
