[Date Prev][Date Next]
Re: ACLs with ip control
I also run "slaptest -d acl" and it does note mention any error on this line.
However, I have a warning "warning: cannot assess the validity of the
ACLscope within backend naming context" on line "by * none". Do you know what
the reason is ?
All your statements in your first message are "access to *" either
implicitly or explicitly. Outside of the root, "*" might not match
everything that you'd think it from a casual reading. So if you have (for
instance) those statements under a "suffix dc=femto-st,dc=org", slapd is
warning you that "access to dn.subtree="dc=femto-st,dc=org"" might be a
lot more intuitive to a quick read.
I set up "by anonymous peername.ip=10.0.0.253 read" as I saw it in the
opneLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). The ANDed
setup seem to be allowed.
OK, if that's valid syntax, then try slapd -d acl and see what's actually