
acl, host problem



Hi, I have a simple question...
In slapd.conf (openldap 1.2.x) I could use the 'by addr' parameter (for
example: by addr=10.10.*.* read) but in the latest versions of openldap
(2.0.x) I don't have it. Do I have to use the 'by domain' parameter? How can
I use it if I have some PCs that don't have a domain?
I have created these ACLs:

by domain=.*\.univr\.it read
        by domain=.st2\.students\.univr\.it read
        by domain=.localhost\.localdomain read

In my log I find:

daemon: conn=0 fd=7 connection from IP=127.0.0.1:45981 (IP=0.0.0.0:34049) accepted
...........
Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .*.univr.it
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .*.univr.it
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .st2.students.univr.it
Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern: .st2.students.univr.it
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .st2.students.univr.it
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .localhost.localdomain
Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern: .localhost.localdomain
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localhost.localdomain
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .localdomain
Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .localdomain
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localdomain
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: <= check a_dn_pat: *
Mar 15 09:49:08 tic slapd[13911]: <= acl_mask: [9] applying none (=n) (stop)
Mar 15 09:49:08 tic slapd[13911]: <= acl_mask: [9] mask: none (=n)
Mar 15 09:49:08 tic slapd[13911]: => access_allowed: search access denied by none (=n)
.........

So, how can I permit some machines to write/read the ldap tree?
Thx, Francesco
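
Added example, not part of the original post: a Python sketch that reads the ACL trace above, lists which string each logged domain pattern was tested against, and replays the same patterns against a host name. Python's `re` stands in for slapd's regex matching (an assumption), and `pc1.st2.students.univr.it` is a constructed host name.

```python
import re

# Constructed sample: regex-test lines from the trace in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .*.univr.it
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .st2.students.univr.it
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localhost.localdomain
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localdomain
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
Mar 15 09:49:08 tic slapd[13911]: <= acl_mask: [9] mask: none (=n)
"""

EXPANDED = re.compile(r"string_expand: expanded:\s*(\S+)")
TESTED = re.compile(r"regex_matches: string:\s*(\S+)")
RESULT = re.compile(r"regex_matches: rc: (\d+)")

def domain_checks(log):
    """Return (pattern, tested_string, matched) for each regex test in the trace."""
    checks, pattern, tested = [], None, None
    for line in log.splitlines():
        if m := EXPANDED.search(line):
            pattern, tested = m.group(1), None
        elif m := TESTED.search(line):
            tested = m.group(1)
        elif (m := RESULT.search(line)) and pattern and tested:
            checks.append((pattern, tested, m.group(1) == "0"))  # rc 0 = match
            pattern = tested = None
    return checks

def would_match(pattern, name):
    """Re-evaluate a logged pattern against a name (unanchored, case-insensitive)."""
    # The logged patterns contain no backslashes, so every "." is a wildcard here.
    return re.search(pattern, name, re.IGNORECASE) is not None

def replay(log, name):
    """Test every pattern seen in the trace against one candidate name."""
    return [(p, would_match(p, name)) for p, _, _ in domain_checks(log)]

if __name__ == "__main__":
    for pattern, tested, matched in domain_checks(SAMPLE_LOG):
        print(f"{pattern!r} tested against {tested!r}: matched={matched}")
    print(replay(SAMPLE_LOG, "pc1.st2.students.univr.it"))  # constructed host name
```

Every pattern in the trace is compared with the literal string `unknown`, not with a host name, and the third pattern as logged needs one character before `localhost`, so the bare name `localhost.localdomain` would not match it either.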