[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding anonymously when slave tries to replicate

To: openldap-software@OpenLDAP.org
Subject: Re: binding anonymously when slave tries to replicate
From: Daniel Tiefnig <openldap@qmail.infonova.at>
Date: Thu, 20 Dec 2001 08:34:58 +0000 (UTC)
Organization: Infonova
References: <4.3.2.7.2.20011219133733.0175cb00@mailsj-v1>

Jan-Michael Ong wrote...:

> A few weeks ago I posted a question regarding the following:
> 
> If the slave is sent an update, a referral is sent to the master
> which then propagates the changes. However, I noticed that all
> updates fail since the slave tries to update an entry on the master
> anonymously. 

actually i'd be surprised, if it really happened the way you explain. 
referrals aren't sent to the master, but back to the client, which (the 
client) is then responsible for passing the update request to the 
referred server (the master..).

> Would it be a good idea to let the master accept an anonymous bind
> just from the slave? If so how can I write the access rule to do
> this? I was thinking of the following. Could someone please correct
> me or offer some hints as to how they solved this problem.
> 
> access to *
>     by * peername="ip address of the slave:*" write

access to *
   by peername"IP=1\.2\.3\.4" write

> I'm just afraid that this might be susceptible to IP spoofing and I
> will essentially be letting everyone write to the ldap server.

hmm, actually it is, i guess.. but i think you don't need the above 
anonymous-write ACL, regarding what i said about referrals, do you..?

hth,
daniel

References:
- binding anonymously when slave tries to replicate
  - From: Jan-Michael Ong <jmong@adobe.com>

Prev by Date: Re: configure - specify SleepyCat
Next by Date: Re: how to tell version?
Index(es):
- Chronological
- Thread