domain vs peername in acls
I've carefully read the docs but I can't seem to find detailed
information on these "who" modifiers.
I want to set things up so that remote machines are required to use
TLS to access sensitive information, but I don't want to waste the
overhead of TLS on a local connection.
After some googling I found some examples about how peername is supposed
to be used...
I thought this sort of ACL would work...
access to attribute=userPassword,lmPassword,ntPassword
    by peername="IP=127\.0\.0\.1:*" dn="cn=ldapadmin_name,dc=myhost,dc=univ,dc=edu" write
    by peername="IP=127\.0\.0\.1:*" anonymous auth
    by ssf=112 dn="cn=ldapadmin,dc=myhost,dc=univ,dc=edu" write
    by ssf=112 anonymous auth
    by self write
    by * none
I've also tried "domain=" instead of the "peername=" lines.
I must add something like this to get things working:
    by domain="myhost.univ.edu" anonymous auth
(where myhost.univ.edu is the local host name)
peername="IP=myexternalipaddress" ... also seems to work.
(I guess that means that my application is using my external IP address
instead of localhost...)
What is the difference between the domain and peername clauses?
Where can I find more information about this?
brad
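
Added example, not part of the original post and not OpenLDAP code: it checks which client peer strings a regex-style peername pattern like the ones in the ACL above would admit. It assumes the pattern is applied as an unanchored regular expression against an "IP=<address>:<port>" string; the addresses and the names PEERS and matching_peers are constructed for illustration.

```python
import re

# Constructed peer strings in the "IP=<address>:<port>" form that the
# post's pattern is written against (192.0.2.0/24 is a documentation range).
PEERS = [
    "IP=127.0.0.1:51234",    # local client that connected to localhost
    "IP=192.0.2.1:40022",    # local client that connected to the external address
    "IP=192.0.2.17:40100",   # a different machine
    "IP=192.0.2.100:40101",  # another different machine
]

# Pattern as posted: ":*" is "zero or more colons", not "colon, then any port".
POSTED_LOCAL = r"IP=127\.0\.0\.1:*"
# Same style of pattern written for a (constructed) external address.
EXTERNAL_LOOSE = r"IP=192\.0\.2\.1:*"
# Anchored form: exact address, a colon, then a numeric port, nothing else.
EXTERNAL_STRICT = r"^IP=192\.0\.2\.1:[0-9]+$"


def matching_peers(pattern, peers=PEERS):
    """Return the peers that a peername pattern would let through.

    Assumption: the server searches for the pattern anywhere in the peer
    string (unanchored) unless the pattern carries its own ^ and $.
    """
    rx = re.compile(pattern)
    return [p for p in peers if rx.search(p)]


if __name__ == "__main__":
    for name, pat in [("posted local", POSTED_LOCAL),
                      ("external, loose", EXTERNAL_LOOSE),
                      ("external, strict", EXTERNAL_STRICT)]:
        print(f"{name:17} {pat!r}")
        for peer in matching_peers(pat):
            print(f"    admits {peer}")
```

The loopback pattern admits only the client that really connected to 127.0.0.1, which is consistent with the guess in the post that the application was arriving from the external address. The loose external pattern also admits 192.0.2.17 and 192.0.2.100, so a pattern for a single host should be anchored.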