Re: ACLs: restrict by IP and user

[Janne Peltonen <janne.peltonen@helsinki.fi>]

On Thu, Apr 28, 2016 at 10:35:27AM -0400, Aaron Richton wrote:
> >So, um. Maybe I'll have a look at the latest 2.4 code next. Thanks for the
> >reply.
> 
> Hmm, no, the latest RE24 checkout from git has that too. Looks like
> back-meta isn't quite there yet.

Yeah, just looked at it myself.

> Now, if your only goal is multiple backend servers, do note that back-ldap
> supports multiple URIs for this scenario?

When our new LDAP system is up and running and everybody uses that, then it
will be the only goal. And I checked, acl-bind (and those legacy
acl-authcDN/acl-passwd and even binddn/bindpw) seem to work as they should with
back-ldap, so at the end, back-ldap should be a perfect match for what we need.

But we're having a migration phase during which we need to proxy one subtree of
our database from an old backend service. So everything else comes from those
two backends but one branch; it comes from a third one. And that would require
back-meta, I think. So apparently we'll have to think a way around that, maybe
by just copying those entries over using a perl script or something...

Thanks again!


--Janne