ACL issues with peername
Hi everyone,
Since most of the client software we use here (Mac OS X Address Book
on Panther) doesn't seem to support authenticated lookups, we're
planning on just allowing anonymous address book lookups to the staff
network (10.*.*.*). Everything I've read says that this should work:
    access to dn.children="ou=people,dc=berklee,dc=edu"
        attrs=cn,sn,mail,givenName,telephoneNumber
        by users read
        by peername="10.*.*.*" read
        by * break
It doesn't. If I stick "by anonymous read" in there, it, of course,
works fine.
The short log entry looks like this when I try to search:
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 fd=12 ACCEPT from IP=10.40.15.2:49927 (IP=0.0.0.0:389)
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=0 BIND dn="" method=128
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=0 RESULT tag=97 err=0 text=
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SRCH base="ou=people,dc=berklee,dc=edu" scope=2 deref=0 filter="(| (givenName=sean*)(sn=sean*)(cn=sean*)(mail=sean*))"
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SRCH attr=givenName sn cn mail telephoneNumber facsimileTelephoneNumber o title ou buildingName street l st postalCode c jpegPhoto mobile co pager destinationIndicator labeledURI IMHandle
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 op=2 UNBIND
Jul 1 12:46:39 ldapchild3 slapd[22753]: conn=3 fd=12 closed
So, the IP seems, to me, correct, but I'm not sure what that IP in
parentheses is.
Any thoughts?
Thanks!
Sean
-------
Sean Hussey
Web Database Specialist
Berklee College of Music
617-747-2926