
Re: ACL: Combining domain and other <who> directives?



Marian Steinbach wrote:
> 
> Hello!
> 
> After digging into the admin guide and FAQmatic I am not yet aware of
> how to solve this problem:
> 
> I only want to allow access to an OpenLDAP 2 server from one domain.
> Within that domain, some other <who> directives are important in order
> to allow different access from none to write. Maybe I am suffering from
> total misconception, but I am just missing boolean operators like "NOT"
> operator or an "AND", that's why I can't formulate the rules in OpenLDAP
> lingo.
> 
> In pseudo code, this is what I am after:
> 
> access to *
>   if (domain ==  .*.domain.tld) {
>       if (self) {
>         write
>       }
>       elseif (users) {
>         read
>       }
>   }
>   else {
>       no access at all.
>   }
> 
> Can anybody help out here?

Use tcp wrappers or ipchains/iptables

Pierangelo.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati
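
One way the reply's TCP wrappers suggestion could be combined with a plain slapd ACL, as an added example that is not part of the original thread. It assumes slapd was built with TCP wrappers support (`--enable-wrappers`) and is matched under the daemon name `slapd`; the 192.0.2.0 network is a placeholder.

```conf
# --- /etc/hosts.allow ---
# Outer "if (domain == ...)" test from the pseudo code.
# A hostname pattern is resolved through reverse DNS, which is controlled
# by whoever owns the client's address space, so treat it as a weak check.
slapd: .domain.tld
# Stronger alternative: match the client network by address instead
# (placeholder range, replace with the real one):
# slapd: 192.0.2.0/255.255.255.0

# --- /etc/hosts.deny ---
# The "else: no access at all" branch. Connections that did not match
# hosts.allow are dropped before any LDAP operation is processed.
slapd: ALL

# --- slapd.conf ---
# Only the inner branches are left for the ACL. Clauses are evaluated
# top to bottom and the first matching <who> wins.
access to *
    by self write
    # "auth" lets slapd compare credentials during a simple bind without
    # making entries readable; without it nobody could authenticate.
    by anonymous auth
    by users read
    by * none
# Note: "by users read" on "*" also covers userPassword, so a more
# specific rule for that attribute normally goes before this one.
```

The same outer restriction can be enforced with iptables by accepting TCP port 389 (and 636 if LDAPS is in use) only from the client network and dropping everything else, which does not depend on how slapd was built.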