Re: ACLs with ip control

[aubert@iut-bm.univ-fcomte.fr]

Quoting Aaron Richton <richton@nbcs.rutgers.edu>:

> > I also run "slaptest -d acl" and it does note mention any error on 
> > this line. However, I have a warning "warning: cannot assess the 
> > validity of the ACLscope within backend naming context" on line "by 
> > * none". Do you know what the reason is ?
> All your statements in your first message are "access to *"  either 
> implicitly or explicitly. Outside of the root, "*" might not match 
> everything that you'd think it from a casual reading. So if you have 
> (for instance) those statements under a "suffix dc=femto-st,dc=org", 
> slapd is warning you that "access to dn.subtree="dc=femto-st,dc=org"" 
> might be a lot more intuitive to a quick read.
>
> > I set up "by anonymous peername.ip=10.0.0.253 read" as I saw it in 
> > the opneLDAP FAQ (http://www.openldap.org/faq/index.cgi?file=454). 
> > The ANDed setup seem to be allowed.
> OK, if that's valid syntax, then try slapd -d acl and see what's 
> actually happening?

Hello.

When I start slapd with slapd -d acl, the server starts normally. Evn 
if there are warning messages. The ending message is "slapd starting".

Emmanuel

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.