[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP based ACL

To: charlie derr <cderr@simons-rock.edu>
Subject: Re: IP based ACL
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Thu, 26 Feb 2004 10:31:12 -0500 (EST)
Cc: Beast <indorama@rad.net.id>, openldap-software@OpenLDAP.org
In-reply-to: <403DF9D6.10206@simons-rock.edu>
References: <20040226201644.4da0fca1@tulip> <403DF9D6.10206@simons-rock.edu>

Today at 8:51am, charlie derr wrote:

> access to *
>        by peername="ip=1.2.3.4:*" read
>        by anonymous none
>        by * read

You will be better served to actually force it to use regex instead of
using the default (in 2.1) behavior.  If you use the default behavior
today and upgrade to 2.2 tomorrow, you will be dismayed that it has
suddenly stopped working because the default in 2.2 is exact.

So, I would recommend that you use:
access to *
        by peername.regex="^ip=1.2.3.4:" read
        by anonymous none
        by * read

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

References:
- IP based ACL
  - From: Beast <indorama@rad.net.id>
- Re: IP based ACL
  - From: charlie derr <cderr@simons-rock.edu>

Prev by Date: blank attribute value.
Next by Date: Re: blank attribute value.
Index(es):
- Chronological
- Thread