
Re: ACLs with ip control

Thank you for your quick answer.

I already tried with only by peername.ip="" read
But it is the same result.

I set up "by anonymous peername.ip= read" as I saw it in the OpenLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). The ANDed setup seems to be allowed.

I also ran "slaptest -d acl" and it does not mention any error on this line. However, I have a warning "warning: cannot assess the validity of the ACLscope within backend naming context" on line "by * none". Do you know what the reason is?

Any further ideas?

Emmanuel Aubert

Quoting Aaron Richton <richton@nbcs.rutgers.edu>:

==> by anonymous peername.ip= read

I don't think that's valid syntax because you have two <who> clauses, anonymous and peername.ip. Try only
by peername.ip=" read"
without "anonymous". I'd expect something like this to show up on "slaptest -d acl". If you want additive "anonymous and peername.ip" behavior see "<control>" directives.

I didn't read the ACLs thoroughly to see if they'd work with this change, but it's a starting point...
