Re: other acl problems (ip modification)

[francesco tornieri <francesco.tornieri@duke.it>]

On Wednesday 20 February 2002 11:38 am, francesco tornieri wrote:
> I'd like make a structure like :
> pc slave (192.168.2.18) makes change to master (192.168.1.17) but it is
> ablt to modify subtree Scienze
> pc slave (192.168.2.19) makes change to master (192.168.1.17) but it is
> ablt to modify subtree Medicina
> This is my acl list:
>
> access to attrs=userpassword,lmpassword,ntpassword
>         by self write
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" none
>         by dn="cn=samba,ou=Service,ou=Scienze,dc=univr,dc=it" write
>         by dn="cn=samba,ou=Service,ou=Medicina,dc=univr,dc=it" write
>         by * none
>
> access to attrs=shadowlastchange,pwdlastset,mailForwardingAddress
>         by self write
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by dn="cn=samba,ou=Service,ou=(.*),dc=univr,dc=it" write
>         by addr="127.0.0.1|192.168.2.*" read
>         by * none
>
> access to
> attrs=pwdcanchange,pwdmustchange,acctflags,logontime,logofftime,kickofftime
>,smbhome,homedrive,script,profile,ntuid,rid,grouprid,uid,uidnumber,gidnumber
>,cn,description,workstation by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by dn="cn=samba,ou=Service,ou=(.*),dc=univr,dc=it" write
>         by addr="127.0.0.1|192.168.2.*" read
>         by * none
>
> access to attrs=lpquota,lpprinted,lpdate,lpnote
>         by dn="cn=lpquota,ou=Service,dc=univr,dc=it" write
>         by self read
>         by * none
>
> access to attrs=mailMessageStore,mailQuota
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by self read
>         by * none
>
> access to dn="uid=[^,]+,ou=Scienze,dc=univr,dc=it"
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by addr="192.168.2.18" write
>         by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
>        by * none
>
> access to dn="uid=[^,]+,ou=Medicina,dc=univr,dc=it"
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by addr="192.168.2.19" write
>         by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
>        by * none
>
> access to dn="uid=[^,]+,ou=(.*),dc=univr,dc=it"
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
>         by * none
>
> access to dn="dc=univr,dc=it"
>         by dn="cn=manager,dc=univr,dc=it" write
>         by dn="uid=manager,ou=Service,dc=univr,dc=it" write
>         by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
>         by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
>         by * none
>
> Where is the problem?Can you help me?access to 
> Francesco

Ok i have resolved it in this way :
dn="ou=Scienze,dc=univr,dc=it"
        by addr="127.0.0.1|192.168.2.18" write

access to dn="ou=Medicina,dc=univr,dc=it"
        by addr="127.0.0.1|192.168.2.19" write

access to dn="ou=Scienze,dc=univr,dc=it"
        by addr="127.0.0.1|192.168.2.*" read
Best regards, Francesco