[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs with ip control



Thank your so quick answer.

I already tried with only by peername.ip="10.0.0.253" read
But it is the same result.

I set up "by anonymous peername.ip=10.0.0.253 read" as I saw it in the opneLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). The ANDed setup seem to be allowed.

I also run "slaptest -d acl" and it does note mention any error on this line. However, I have a warning "warning: cannot assess the validity of the ACLscope within backend naming context" on line "by * none". Do you know what the reason is ?

Any further idea ?

--
Emmanuel Aubert

Quoting Aaron Richton <richton@nbcs.rutgers.edu>:

==> by anonymous peername.ip=10.0.0.253 read

I don't think that's valid syntax because you have two <who> clauses, anonymous and peername.ip. Try only
by peername.ip="10.0.0.253 read"
without "anonymous". I'd expect something like this to show up on "slaptest -d acl". If you want additive "anonymous and peername.ip" behavior see "<control>" directives.



I didn't read the ACLs thoroughly to see if they'd work with this change, but it's a starting point...





---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.