Re: ACLs with ip control
Thank you for your quick answer.
I already tried with only by peername.ip="10.0.0.253" read
But it is the same result.
I set up "by anonymous peername.ip=10.0.0.253 read" as I saw it in the
OpenLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). The
ANDed setup seems to be allowed.
I also ran "slaptest -d acl" and it does not mention any error on this
line. However, I have a warning "warning: cannot assess the validity of
the ACL scope within backend naming context" on line "by * none". Do you
know what the reason is?
Any further ideas?
--
Emmanuel Aubert
Quoting Aaron Richton <richton@nbcs.rutgers.edu>:
==> by anonymous peername.ip=10.0.0.253 read
I don't think that's valid syntax because you have two <who> clauses,
anonymous and peername.ip. Try only
by peername.ip="10.0.0.253 read"
without "anonymous". I'd expect something like this to show up on
"slaptest -d acl". If you want additive "anonymous and peername.ip"
behavior see "<control>" directives.
I didn't read the ACLs thoroughly to see if they'd work with this
change, but it's a starting point...