[Date Prev][Date Next] [Chronological] [Thread] [Top]

logical "AND" in slapd acl statement?

To: <openldap-software@openldap.org>
Subject: logical "AND" in slapd acl statement?
From: Aaron Bennett <abennett@clarku.edu>
Date: Fri, 11 Jul 2008 15:17:27 -0400
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

Hi,

I'm sorry if this is a stupid question or one that's asked here often, but...

I need to grant access to a few attributes to a specific dn, but ideally ALSO only if that DN is coming from a specific ip range.

What I want to something like...

access to attrs=myAttribute by ( peername.ip='192.168.1.0%255.255.255.0" AND dn = "cn=me,ou=us,dc=myco,dc=com" ) read

I was pretty surprised that what I had above didn't work, and reading the man 5 slapd.access it seems like it might not be possible. Am I missing something? Is it actually possible to do this?

Best,

Aaron Bennett

Follow-Ups:
- Re: logical "AND" in slapd acl statement?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Again ACL problems
Next by Date: syncrepl failure logs/configuring alias deref
Index(es):
- Chronological
- Thread