Re: peername + openldap 2.2.4

[D.M.Lewney@sussex.ac.uk (Dave Lewney)]

Pierangelo Masarati wrote:
> > --On Wednesday, January 07, 2004 9:06 AM +0000 Dave Lewney
> > <D.M.Lewney@sussex.ac.uk> wrote:
> >
> >
> > > Trying to restrict access to Openldap server (v2.2.4 running under
> > > Solaris 8) to 139.184.0.0/16 with this acl ...
> > >
> > > access to *
> > >         by peername="139.184.*.*"               read
> > >         by peername="IP=127\.0\.0\.1:*"         read
> > >         by users  ssf=112       tls_ssf=112             read
> > >         by *                            none
> >
> > Hello Dave,
> >
> > I see the same issue.  I've filed an ITS at the OpenLDAP website
> > (ITS#2904).
>
>
> Works perfectly for me (HEAD, but right now it's exactly
> like 2.2.*).  I note that
>
>         peername="139.184.*.*"
>
> is an invalid regex (or, at least, results in a different
> behavior from what you likely expect).  Moreover, the default
> for unqualified acl patterns is now EXACT rather than REGEX.
> ...
> A rather better solution would be to use
> ...
>        peername.regex="^IP=139\.184\.*"

Success! It was the change in the default behaviour (between v2.1 and v2.2) 
that caused the problem. Thanks to the contributors.

Dave
--
Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956