[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to bind groups from a IP

I have read all that you suggested to me. I have this ACL:

access to attrs=userPassword
    by peername.ip= write
    by * none

With this, the users can bind from this IP, but I can't include groups,or something about users that have GID=1000, for example.

Does anybody can help me?

Thank you very much!

From: Gavin Henry <ghenry@suretecsystems.com>
To: Daniel Pérez del Campo <dpercam@hotmail.com>
CC: openldap-software@openldap.org
Subject: Re: ACL to bind groups from a IP
Date: Fri, 05 Oct 2007 16:03:48 +0100

Daniel Pérez del Campo wrote:
First of all, sorry for my english.
I will try to be clear.
I have a LDAP server running perfectly. I have this in it:

                       objectClass: posixGroup
                       gidnumber: 10

                       objectClass: posixGroup
                       gidnumber: 11

Now, I would like to autheticate users who belong to "profesores" , from IP=
On the other hand, I would like to autheticate users who belongs to "alumnos", from IP=
And at last, the same, but with both groups, and from IP=333.333.333.333.

And in all the cases, the autheticated users could change their password.

I have looked the manual, but I only obtain that all the users( o nodoby) bind from a specific IP, but I don't know with groups of users.

Does anybody can help me??

man slapd.access

Check for dn.regex, groups and peername.ip



Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).


_________________________________________________________________ MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/