Re: ldap queries rewriting

Aaron Richton wrote:
> If the copier has a Bind DN option, then something along the lines of...
>
> access to dn.subtree="ou=Engineering,dc=example,dc=com"
>   by dn.exact="cn=EngineeringCopier,ou=Engineering,dc=example,dc=com" read
>   by [...everythingelse...]
>
> access to *
>   by dn.exact="cn=EngineeringCopier,ou=Engineering,dc=example,dc=com" none
>   by [...everythingelse...]

Excellent, I thought ACLs were restricted to attributes only, not to whole entries.

> If it doesn't, you could substitute the "dn.exact" with "peername.ip." Super disgusting, but it'd probably work.

The Bind DN option failed because the printer doesn't allow installing CA certificates, nor doing SSL/TLS without checking server certificates, and authentication is only permitted through an encrypted connection, so I had to rely on the copier IP.

Thanks!
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
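
The peername.ip variant discussed in this thread, written out as an added example (it is not part of the original messages). 192.0.2.10 is a placeholder for the copier's address, and the [...everythingelse...] lines stand for the existing rules, as in the quoted ACL:

```conf
# Added example: 192.0.2.10 is a constructed placeholder address.
# slapd applies the first "access to" clause whose <what> matches the
# entry, then the first "by" clause whose <who> matches the client,
# so the copier rules must come before the general ones.
access to dn.subtree="ou=Engineering,dc=example,dc=com"
  by peername.ip=192.0.2.10 read
  by [...everythingelse...]

# Anything outside the Engineering subtree is hidden from that address.
access to *
  by peername.ip=192.0.2.10 none
  by [...everythingelse...]
```

peername.ip matches on the source address alone, whatever identity the client binds as, so every connection arriving from that address gets the same restricted view, including an administrator's.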