[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Please solve my problem about peername ACL on OpenLdap

To: "Hardik Dalwadi" <hardik@deeproot.co.in>
Subject: Re: Please solve my problem about peername ACL on OpenLdap
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Thu, 21 Jul 2005 14:39:42 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <42DF6D5E.5070001@deeproot.co.in>
References: <42DF6D5E.5070001@deeproot.co.in>
User-agent: SquirrelMail/1.4.3a-1

> Hello list,
>
> Can anybody direct me how to use ACL peername in slapd.conf.
>
> if i have acl like that
>
> access to *
>    peername.ip=127.0.0.1 write
>    peername.ip=192.168.1.8 write
> access to * none


This looks incorrect.  I think the right statement, according to
slapd.access(5) would be

access to *
        by peername.ip=127.0.0.1 write
        by peername.ip=192.168.1.8 write

and nothinhg else, if what you want is to allow anyone from those IPs to
have write access and anyone else no access at all.

Having said this, to actually instruct slapd to allow writes by
unauthenticated clients (a nonsense, I admit) you need to tell slapd to do
so by using

allow update_anon

which is detailed in slapd.conf(5).

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Please solve my problem about peername ACL on OpenLdap
  - From: Hardik Dalwadi <hardik@deeproot.co.in>

Prev by Date: Please solve my problem about peername ACL on OpenLdap
Next by Date: Creating multiple suffix in the same directory
Index(es):
- Chronological
- Thread