adding access location and method to an ACL
I have this ACL in place at the moment and have TLS and ldapi working.
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
access to attr=sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to attr=sambaLMPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
Now I need to add some additional controls.
(1) I want local access via the socket /var/run/slapd/ldapi with no
encryption required.
(2) I want access from hosts in a private subnet to be the same, no
encryption required, say from 172.19.1.0/27.
(3) I want access from hosts in several public subnets but require
encryption, say 172.19.2.0/23, 172.19.6.0/22, and 172.19.11.0/24.
(4) I want access from everywhere else to be denied.
I've read slapd.access and see sockname, sockurl, peer, ssf_tls,
ssf_transport and lots of other options that look like they can be
combined to accomplish this. I've searched Google, this list, and the
FAQ-O-Matic for examples but still don't have much idea how to get started.
Any assistance would be appreciated.
Thanks,
Jason Joines
=================================
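
The four requirements in the post, written as a small reference model that can serve as a test oracle when checking an ACL against sample connections. This is an added example, not part of the original post and not slapd configuration; `MIN_SSF = 128`, the function names and the sample addresses in the comments are assumptions. It also reports any subnet that is not written on its own prefix boundary, since an address/mask pair with host bits set can match differently from what was intended.

```python
import ipaddress

MIN_SSF = 128                        # assumed threshold for "encryption required"
LDAPI_PATH = "/var/run/slapd/ldapi"  # socket path from requirement (1)

# (subnet exactly as written in the post, minimum SSF) for requirements (2) and (3)
RULES = [
    ("172.19.1.0/27", 0),
    ("172.19.2.0/23", MIN_SSF),
    ("172.19.6.0/22", MIN_SSF),
    ("172.19.11.0/24", MIN_SSF),
]


def normalize(cidr):
    """Return (network, aligned); aligned is False when cidr has host bits set."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net, str(net) == cidr


def misaligned(rules=RULES):
    """List (as_written, actual_network) for subnets not on their prefix boundary."""
    return [(c, str(normalize(c)[0])) for c, _ in rules if not normalize(c)[1]]


def decide(peer_ip=None, ssf=0, socket_path=None):
    """Return 'allow' or 'deny' for one connection under requirements (1) to (4)."""
    if socket_path is not None:
        # (1) local socket: no encryption required
        return "allow" if socket_path == LDAPI_PATH else "deny"
    addr = ipaddress.ip_address(peer_ip)
    for cidr, min_ssf in RULES:
        net, _ = normalize(cidr)  # evaluated on the normalized network
        if addr in net:
            # (2) private subnet: any SSF; (3) public subnets: SSF >= MIN_SSF
            return "allow" if ssf >= min_ssf else "deny"
    return "deny"  # (4) everywhere else


if __name__ == "__main__":
    for written, actual in misaligned():
        print(f"warning: {written} is not on a prefix boundary; network is {actual}")
    print(decide(socket_path=LDAPI_PATH))   # local socket
    print(decide("172.19.1.10", ssf=0))     # constructed private-subnet peer
    print(decide("172.19.3.5", ssf=0))      # constructed public-subnet peer, no TLS
```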