Re: ACL: Combining domain and other <who> directives?
Marian Steinbach wrote:
>
> Hello!
>
> After digging into the admin guide and FAQmatic I am not yet aware of
> how to solve this problem:
>
> I only want to allow access to an OpenLDAP 2 server from one domain.
> Within that domain, some other <who> directives are important in order
> to allow different access from none to write. Maybe I am suffering from
> total misconception, but I am just missing boolean operators like "NOT"
> operator or an "AND", that's why I can't formulate the rules in OpenLDAP
> lingo.
>
> In pseudo code, this is what I am after:
>
> access to *
>     if (domain == .*.domain.tld) {
>         if (self) {
>             write
>         }
>         elseif (users) {
>             read
>         }
>     }
>     else {
>         no access at all.
>     }
>
> Can anybody help out here?

Use tcp wrappers or ipchains/iptables.

Pierangelo.

--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati