[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP based ACL

To: Frank Swasey <Frank.Swasey@uvm.edu>
Subject: Re: IP based ACL
From: Craig Squires <csquires@math.mun.ca>
Date: Mon, 8 Mar 2004 12:16:59 -0330 (NST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.58.0402261028260.2509@ybpnyubfg.ybpnyqbznva>

Just another datapoint on this issue:

I've found using peername.regex was the only way I could get this to
work. None of the "exact" samples I could find anywhere would match.
We're using 2.2.4 here.

Q: is there a performance hit for using .regex rather than an exact
match?

Q2: does anyone know what the exact match should be?

Craig

On Thu, 26 Feb 2004, Frank Swasey wrote:

> Today at 8:51am, charlie derr wrote:
> 
> > access to *
> >        by peername="ip=1.2.3.4:*" read
> >        by anonymous none
> >        by * read
> 
> You will be better served to actually force it to use regex instead of
> using the default (in 2.1) behavior.  If you use the default behavior
> today and upgrade to 2.2 tomorrow, you will be dismayed that it has
> suddenly stopped working because the default in 2.2 is exact.
> 
> So, I would recommend that you use:
> access to *
>         by peername.regex="^ip=1.2.3.4:" read
>         by anonymous none
>         by * read
> 
> 

-- 
........................................................................
$Id: mathdeptsysadmin,v 2.0 Mon Mar  8 11:50:50 2004 Craig Squires Exp $
Your excuse is: static from plastic slide rules
[Excuse courtesy of The BOFH-style Excuse Server: nc riemann excuses]

Follow-Ups:
- Re: IP based ACL
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: back-sql: custom attribute list: segmentation fault
Next by Date: Re: back-sql: custom attribute list: segmentation fault
Index(es):
- Chronological
- Thread