
ACLs with ip control



Hello.

I installed OpenLDAP 2.3.24-1.
I would like to set up ACLs so that anonymous users can access some attributes (mail, telephoneNumber, roomNumber...) as long as their IP is 10.0.0.253 (i.e. they come from our private network).


Here is the list of all access controls, with an arrow in front of the one dedicated to the access mentioned above:

access to attrs=userPassword
	by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
	by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
	by anonymous auth
	by self read
	by * none

access to attrs=mailAlternateAddress,accountStatus,mailMessageStore
	by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
	by dn="cn=mail,ou=DSA,dc=femto-st,dc=org" read
	by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
	by self read
	by users read
	by * none

access to attrs=mail,telephoneNumber,roomNumber,displayName,cn,sn,givenName
	by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
	by dn="cn=mail,ou=DSA,dc=femto-st,dc=org" read
	by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
	by self read
	by users read
   ==> by anonymous peername.ip=10.0.0.253 read
	by * none

access to attrs=uid
	by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
	by dn="cn=siteweb,ou=DSA,dc=femto-st,dc=org" read
	by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
	by self read
	by users read
	by * none

access to *
	by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
	by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
	by self read
	by users read
	by * none


I tried the command below:

$> ldapsearch -x -ZZ -H "ldap://raven" -b "dc=femto-st,dc=org" uid=toto mail

but it gives no result, and the logs don't give me any further information.


Does anybody have an idea of what is happening and why it does not work?

Thank you for your answer.

Regards,

--
Emmanuel Aubert
