ACL tricks

Is it possible to restrict (for example) writes to a specific DN coming from
a specific IP from slapd alone?

Currently there is a tremendous hack of cascading negating regexes like:

access          to *
                by addr="^1[^6].*" read
                by addr="^16[^3].*" read
                by addr="^163\.[^1].*" read
                by addr="^163\.1[^8].*" read
                by addr="^163\.18[^5].*" read
                by addr="^163\.185\.[^1].*" read
                by addr="^163\.185\.1[^8].*" read
                by addr="^163\.185\.18\.[^2].*" read
                by addr="^163\.185\.18\.2[^3].*" read
                by addr="^163\.185\.18\.23[^0]" read
                by dn="cn=LDAP Replication  100000,ou=role,o=SLB,c=AN" write

This is basically implementing a negated match, which it seems would be a
useful addition generally to the ACL. I didn't see an obvious way to do this
from the Admin. Guide.
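
A check of the cascade above against a few constructed addresses, added here as an example and not part of the original post. It assumes slapd tries the "by" clauses in order, stops at the first match, and applies each regex unanchored; the function names and sample addresses are made up for illustration.

```python
import re

# The addr= patterns from the post, in order. Assumption: slapd tries each
# "by" clause in order, stops at the first match, and applies the regex
# unanchored unless it carries its own ^ or $.
CASCADE = [
    r"^1[^6].*",
    r"^16[^3].*",
    r"^163\.[^1].*",
    r"^163\.1[^8].*",
    r"^163\.18[^5].*",
    r"^163\.185\.[^1].*",
    r"^163\.185\.1[^8].*",
    r"^163\.185\.18\.[^2].*",
    r"^163\.185\.18\.2[^3].*",
    r"^163\.185\.18\.23[^0]",
]
INTENDED = "163.185.18.230"  # the one address meant to reach the dn= clause


def first_match(addr):
    """Index of the first addr= clause that matches, or None if none does."""
    for i, pattern in enumerate(CASCADE):
        if re.search(pattern, addr):
            return i
    return None


def reaches_dn_clause(addr):
    """True when no addr= clause matches, so evaluation reaches 'by dn=... write'."""
    return first_match(addr) is None


def unintended_fallthrough(addrs):
    """Addresses other than INTENDED that the cascade fails to stop at read."""
    return [a for a in addrs if a != INTENDED and reaches_dn_clause(a)]


# Constructed sample addresses, chosen to probe each position of the cascade.
SAMPLES = [
    "163.185.18.230", "163.185.18.231", "163.185.18.23", "163.185.18.2",
    "163.185.180.7", "163.185.19.1", "192.168.1.10", "10.0.0.5",
    "8.8.8.8", "203.0.113.9",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        idx = first_match(addr)
        print(f"{addr:16} ->", "dn= clause" if idx is None else f"read (clause {idx + 1})")
```

Any address returned by unintended_fallthrough skips every addr= clause and is evaluated against the dn= clause, so a harness like this is worth running before relying on a regex cascade as a negated match.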