
Re: acl, host problem



Francesco,
you can use peername similarly to domain, e.g. for the loopback interface:

        by peername="IP=127\.0\.0\.1:.*" read

Hope this helps


On Fri, 15 Mar 2002, francesco.tornieri wrote:

>
>Hi, I have a simple question...
>in slapd.conf (openldap 1.2.x) I could use the 'by addr' parameter (for
>example: by addr=10.10.*.* read) but in the latest versions of openldap
>(2.0.x) I don't have it. Do I have to use the 'by domain' parameter? How can I
>use it if I have some PCs that don't have a domain?
>I have created these ACLs:
>
>        by domain=.*\.univr\.it read
>        by domain=.st2\.students\.univr\.it read
>        by domain=.localhost\.localdomain read
>
>In my log I find:
>
>daemon: conn=0 fd=7 connection from IP=127.0.0.1:45981 (IP=0.0.0.0:34049) accepted
>...........
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .*.univr.it
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .*.univr.it
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
>Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .st2.students.univr.it
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .st2.students.univr.it
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .st2.students.univr.it
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
>Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .localhost.localdomain
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .localhost.localdomain
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localhost.localdomain
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
>Mar 15 09:49:08 tic slapd[13911]: <= check a_domain_pat: .localdomain
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: pattern:  .localdomain
>Mar 15 09:49:08 tic slapd[13911]: => string_expand: expanded: .localdomain
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: string:   unknown
>Mar 15 09:49:08 tic slapd[13911]: => regex_matches: rc: 1 no matches
>Mar 15 09:49:08 tic slapd[13911]: <= check a_dn_pat: *
>Mar 15 09:49:08 tic slapd[13911]: <= acl_mask: [9] applying none (=n) (stop)
>Mar 15 09:49:08 tic slapd[13911]: <= acl_mask: [9] mask: none (=n)
>Mar 15 09:49:08 tic slapd[13911]: => access_allowed: search access denied by none (=n)
>.........
>
>So, how can I permit some machines to write/read the LDAP tree?
>Thx, Francesco
>
>
>
>
>

-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
Phone:           +49 731 50 22464
FAX:             +49 731 50 22471
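
An added example (not part of either message): a small Python helper that turns an address written the way the question writes it (`10.10.*.*`) into a `by peername=` clause in the form shown in the reply, and checks patterns against peername strings in the `IP=addr:port` format seen in the log. The function names and sample peernames are constructed here; it assumes `*` means one whole octet and that slapd applies the regex unanchored and case-insensitively, with Python's `re` standing in for slapd's regex engine.

```python
import re

OCTET = "[0-9]{1,3}"  # one decimal octet, extended-regex syntax

def addr_to_peername_regex(addr):
    """Map an address like '10.10.*.*' to a regex for slapd's peername string."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated fields: %r" % addr)
    fields = []
    for part in parts:
        if part == "*":
            fields.append(OCTET)
        elif part.isascii() and part.isdigit() and int(part) <= 255:
            fields.append(part)
        else:
            raise ValueError("bad octet %r in %r" % (part, addr))
    # "[.]" is a literal dot written without a backslash. "^" and the
    # ":port$" tail pin the whole string, so 127.0.0.1 cannot match 127.0.0.10.
    return "^IP=" + "[.]".join(fields) + ":[0-9]+$"

def acl_clause(addr, level="read"):
    """Render the clause in the form used in the reply above."""
    return 'by peername="%s" %s' % (addr_to_peername_regex(addr), level)

def peer_matches(pattern, peername):
    # Assumption: slapd searches the peername unanchored, case-insensitively.
    return re.search(pattern, peername, re.IGNORECASE) is not None

# Constructed peername strings in the "IP=addr:port" format seen in the log.
SAMPLES = ["IP=127.0.0.1:45981", "IP=127.0.0.10:45981",
           "IP=10.10.3.7:40212", "IP=10.100.3.7:40212"]

if __name__ == "__main__":
    print(acl_clause("10.10.*.*"))
    # First pattern omits the ":" after the address and over-matches;
    # the second is the reply's pattern; the third is the generated one.
    for pat in (r"IP=127\.0\.0\.1", r"IP=127\.0\.0\.1:.*",
                addr_to_peername_regex("10.10.*.*")):
        print(pat, [s for s in SAMPLES if peer_matches(pat, s)])
```

The colon after the address in the reply's pattern is what stops `127.0.0.1` from also matching `127.0.0.10`; dropping it widens the ACL.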