[Date Prev][Date Next] [Chronological] [Thread] [Top]

Challenge With Access Control

To: <openldap-software@openldap.org>
Subject: Challenge With Access Control
From: "Brian Gaber" <Brian.Gaber@PWGSC.GC.CA>
Date: Thu, 5 Jul 2007 09:01:08 -0400
Content-class: urn:content-classes:message
Thread-index: Ace/BI87syPJVGtlTUi40nh3X3BuUg==
Thread-topic: Challenge With Access Control

Title: Challenge With Access Control

Hope someone can explain this to me. I am sure it is very trivial. I have a primary LDAP server (10.16.13.84), a replica LDAP server (10.16.13.85) and a few clients all with a 10.16.13.x address.

Here is the access control I thought would work:

access to *
by self write
by peername=10.16.13.84 write
by peername=10.16.13.81 read
by peername=10.16.13.82 read
by peername=10.16.13.83 read
by peername=10.16.13.85 read
by peername=10.16.13.86 read

Here is what does work:

access to *
by self write
by peername.ip=10.16.13.84 write
by * read

By work I mean that when I am on the replica (10.16.13.85) and issue an ldapsearch to itself I get a 32 no such object with the top access, but I get the expected result with the bottom access.

Brian Gaber

Follow-Ups:
- Re: Challenge With Access Control
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Challenge With Access Control
  - From: "Michal Dobroczynski" <michal.dobroczynski@gmail.com>

Prev by Date: Re: Lock is no longer valid / deferring operation
Next by Date: Re: Building OpenLDAP client tools in Wintel platform - reg
Index(es):
- Chronological
- Thread