Hello all, I need help with three problems that I'm facing with my OpenLDAP implementation please.

First problem: I'm able to connect to my LDAP server on port 636 without a problem from the same subnet, but not from outside over the Internet. What I want to achieve is to be able to connect from a particular range of static IPs. The ACL part of my slapd.conf is:

    access to attrs=userPassword,shadowLastChange
        by dn="uid=authenticate,ou=System,dc=example.com" read
        by dn="uid=myusername,ou=Users,ou=bca,dc=example.com" read
        by anonymous auth
        by self write

    access to attrs=givenName,sn,cn,mail
        by dn="uid=syncrepl,ou=system,dc=example.com" read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by self read
        by users auth
        by anonymous auth

    access to attrs=uid
        by anonymous read
        by users read

    access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
        by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write

    access to *
        by dn.exact="uid=authenticate,ou=System,dc=example.com" none
        by users none break
        by self read
        by users read
        by * none

2nd problem: The following ACL does not work at all, or I'm doing something wrong:

    access to attrs=givenName,sn,cn,mail
        by dn="uid=syncrepl,ou=system,dc=example.com" read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by self read
        by users auth
        by anonymous auth

I can't bind as anonymous from 'some_static_ip' in order to fetch the mail, givenName etc. into the Thunderbird address book, for example.

3rd problem and last! If I reboot the master server, then the slave does not bind correctly and email etc. does not work at all, even though it is configured on that server (the slave). Also, when I reboot the servers, the master must come up first, as otherwise I'm not able to connect until I reboot the slave server.
Both servers are running on Ubuntu 9.04, if that matters in any way. See output:

    root@masterldap:/etc/ldap# dpkg -l slapd
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
    ||/ Name           Version        Description
    +++-==============-==============-============================================
    ii  slapd          2.4.15-1ubuntu OpenLDAP server (slapd)

I have also attached the whole slapd.conf file of my master server in case that helps more. Any help or suggestion is much appreciated.
Attachment:
slapd.conf
Description: Binary data
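Added here as an illustration, not code from the post or from OpenLDAP: a small Python model of how slapd walks these ACLs (directive order, first matching `by` clause wins, several `who` specifiers in one clause are ANDed, `break` carries the level to the next directive), run over the two directives from the post. It shows the check worth making for the second problem: anonymous from some_static_ip gets `read` on mail, but for the `entry` pseudo-attribute, which a search also needs before an entry is returned, it falls through to `by * none`. The IP 203.0.113.7 and the `self`/`dn.regex` simplifications are this example's assumptions.

```python
import re

# Constructed model of slapd.conf ACL evaluation (see slapd.access(5)); not OpenLDAP code.
# Modelled: directives are tried in order and the first whose <what> matches is used;
# within it the first matching <by> clause sets the level; all <who> specifiers in one
# <by> clause must match (AND); 'break' carries the level to the next directive.
# Not modelled: 'self', dn.regex, group/set, additive +/- levels, 'continue'.
ACL = [  # the two relevant directives from the post, flattened to one string each
    'access to attrs=givenName,sn,cn,mail'
    ' by dn="uid=syncrepl,ou=system,dc=example.com" read'
    ' by anonymous peername.ip=some_static_ip read'
    ' by self read by users auth by anonymous auth',
    'access to * by dn.exact="uid=authenticate,ou=System,dc=example.com" none'
    ' by users none break by self read by users read by * none',
]

def parse_acl(directives):
    rules = []
    for d in directives:
        head, *clauses = re.split(r"\s+by\s+", d.strip())
        what = head.split(None, 2)[2]              # text after "access to"
        bys = []
        for c in clauses:
            toks = c.split()
            control = toks.pop() if toks[-1] in ("stop", "break", "continue") else "stop"
            level = toks.pop()
            bys.append((toks, level, control))
        rules.append((what, bys))
    return rules

def what_matches(what, attr):
    return what == "*" or (what.startswith("attrs=") and attr in what[6:].split(","))

def who_matches(toks, dn, ip):
    for t in toks:                                 # every specifier must hold
        if t == "*":
            ok = True
        elif t == "anonymous":
            ok = dn is None
        elif t == "users":
            ok = dn is not None
        elif t.startswith("peername.ip="):
            ok = ip == t.split("=", 1)[1]
        elif t.startswith(("dn=", "dn.exact=")):   # treated as exact DN match
            ok = dn == t.split("=", 1)[1].strip('"')
        else:
            ok = False                             # unmodelled specifier: never matches
        if not ok:
            return False
    return True

def access_for(rules, attr, dn=None, ip=None):
    """Level granted on `attr` to a bind as `dn` (None = anonymous) from `ip`."""
    granted = "none"                               # level carried across 'break'
    for what, bys in rules:
        if not what_matches(what, attr):
            continue
        for toks, level, control in bys:
            if who_matches(toks, dn, ip):
                granted = level
                break
        else:
            return "none"                          # implicit trailing 'by * none'
        if control != "break":
            return granted                         # default control is 'stop'
    return granted

RULES = parse_acl(ACL)
```

`access_for(RULES, "entry", dn=None, ip="some_static_ip")` returns "none" while the same bind gets "read" on mail; an `access to attrs=entry` (or a matching `access to *`) clause for that peer is the thing to verify against the full slapd.conf.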