Re: binding anonymously when slave tries to replicate
Jan-Michael Ong wrote...:
> A few weeks ago I posted a question regarding the following:
>
> If the slave is sent an update, a referral is sent to the master
> which then propagates the changes. However, I noticed that all
> updates fail since the slave tries to update an entry on the master
> anonymously.
actually i'd be surprised, if it really happened the way you explain.
referrals aren't sent to the master, but back to the client, which (the
client) is then responsible for passing the update request to the
referred server (the master..).
> Would it be a good idea to let the master accept an anonymous bind
> just from the slave? If so how can I write the access rule to do
> this? I was thinking of the following. Could someone please correct
> me or offer some hints as to how they solved this problem.
>
> access to *
> by * peername="ip address of the slave:*" write
access to *
by peername="IP=1\.2\.3\.4" write
> I'm just afraid that this might be susceptible to IP spoofing and I
> will essentially be letting everyone write to the ldap server.
hmm, actually it is, i guess.. but i think you don't need the above
anonymous-write ACL, regarding what i said about referrals, do you..?
hth,
daniel
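
Added example, not part of the original message: a check of which peer addresses each form of the peername pattern from this thread would admit. It assumes the pattern is matched as an unanchored regular expression against a peer string of the form "IP=<addr>:<port>", with Python's re.search standing in for slapd's matcher. The peer strings are constructed, the "unescaped" pattern is the quoted rule with 1.2.3.4 substituted for the placeholder, and the "anchored" pattern is a hypothetical tightening.

```python
import re

# Constructed peer strings in the "IP=<addr>:<port>" form used in the reply.
SAMPLE_PEERS = [
    "IP=1.2.3.4:38211",    # the slave itself
    "IP=1.2.3.40:38211",   # different host sharing the same prefix
    "IP=1.2.3.45:1024",    # different host sharing the same prefix
    "IP=1.213.4.5:50000",  # unrelated host; matches only if "." is a wildcard
    "IP=11.2.3.4:50000",   # unrelated host; matches only without the "IP=" prefix
]

# Patterns under test (assumption: unanchored regex match, as re.search does).
PATTERNS = {
    # Quoted rule with the slave address filled in: dots unescaped, ":*" means
    # "zero or more colons", not "any port".
    "unescaped": r"1.2.3.4:*",
    # Pattern from the reply: dots escaped, "IP=" prefix, but no end anchor.
    "reply": r"IP=1\.2\.3\.4",
    # Hypothetical tightening: anchored at both ends, port must be digits.
    "anchored": r"^IP=1\.2\.3\.4:[0-9]+$",
}


def matching_peers(pattern, peers=SAMPLE_PEERS):
    """Return the peer strings that the pattern would admit."""
    rx = re.compile(pattern)
    return [peer for peer in peers if rx.search(peer)]


def report():
    """Map each pattern name to the list of peers it admits."""
    return {name: matching_peers(pat) for name, pat in PATTERNS.items()}


if __name__ == "__main__":
    for name, admitted in report().items():
        print(f"{name:10s} admits {len(admitted)} of {len(SAMPLE_PEERS)}:")
        for peer in admitted:
            print(f"    {peer}")
```

Pattern precision only narrows which source addresses the rule names; the rule still grants write access without any bind credentials.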