[Date Prev][Date Next] [Chronological] [Thread] [Top]

domain vs peername in acls

To: openldap-software@OpenLDAP.org
Subject: domain vs peername in acls
From: "Bradley W. Langhorst" <brad@langhorst.com>
Date: 07 Oct 2002 11:05:17 -0400

I've carefully read the docs but I can't seem to find detailed
information on these "who" modifiers

I want to set things up so that remote machines are required to use
tls to access sensitive information, but i don't want to waste the over
head to tls on a local connection.

After some googling I found some examples about how peername is supposed
to be used...

I thought this sort of acl would work...

access to attribute=userPassword,lmPassword,ntPassword
        by peername="IP=127\.0\.0\.1:*"
dn="cn=ldapadmin_name,dc=myhost,dc=univ,dc=edu" write
        by peername="IP=127\.0\.0\.1:*" anonymous auth
        by ssf=112 dn="cn=ldapadmin,dc=myhost,dc=univ,dc=edu" write
        by ssf=112 anonymous auth
        by self write
        by * none

I've also tried "domain=" instead of the "peername=" lines

I must add something like this to get things working
        by domain="myhost.univ.edu" anonymous auth
(where myhost.univ.edu is the local host name)
peername="IP=myexternalipaddress" ... also seems to work..
(i guess that means that my application is using my external ip address
instead of localhost...)



what is the difference between the domain and peername clauses?
where can i find more information about this?

brad

Prev by Date: OpenLDAP under windows, I am frustrated now
Next by Date: Domino to OpenLDAP
Index(es):
- Chronological
- Thread