[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL by IP
Pierangelo Masarati wrote:
> Daniel Tiefnig wrote:
>> and i've a qestion about ACLs.. entity matching is still only done
>> via regex..(?) did you guys ever think of implementing smth. like
>> subnet mask matching for IPs? that would simplify ACLs in many cases,
>> and therefor likely speed up things as well..
>
> There's something like that in HEAD for the domain ACL, that is the
> subtree match has been implemented to avoid using regex to allow, say,
> access to a subnet:
>
> access to *
> by domain.subtree="polimi.it" read
>
> which also allows submatches like
>
> access to dn.regex=".*dc=([^,]+),dc=it$"
> by domain.subtree,expand="$1.it" read
hmm.. actually i thought about something more like
access to netmask="195.3.81.64/28"
:o)
> Subnet mask might be an interesting evolution; note that all of this,
> at least in my opinion and from my personal experience, should not be
> used instead of appropriate authentication.
of course not. (though i do..)
g,
daniel
--
This may seem a bit weird, but that's okay, because it is weird.
-- The Perl v5.0 manual page
- References:
- ACL by IP
- From: Quinn Perkins <quinn@quinnperkins.com>
- Re: ACL by IP
- From: "Pierangelo Masarati" <masarati@aero.polimi.it>
- Re: ACL by IP
- From: Daniel Tiefnig <openldap@qmail.infonova.at>
- Re: ACL by IP
- From: Pierangelo Masarati <masarati@aero.polimi.it>