ACL peername
- To: openldap-technical@openldap.org
- Subject: ACL peername
- From: Natalia <nata.cs2@gmail.com>
- Date: Fri, 11 Feb 2011 13:55:29 +0100
Hi,
I have a problem with ACLs. I want to grant access to an IP. My ACL:
olcAccess: to dn.subtree="ou=people,dc=example,dc=de"
by group.exact="cn=lda,ou=Endsysteme,dc=example,dc=de" write
by group.exact="cn=kon,ou=Endsysteme,dc=example,dc=de" read
by peername.ip=127.0.0.1 read
by * none
But I get an error:
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: <olcAccess> handler exited with 1
In the logs:
conn=1034 op=4 MOD attr=olcAccess olcAccess
Feb 11 13:33:07 ldap slapd2.4[21279]: slapd: line 0: expecting <access> got "writeby".
Feb 11 13:33:07 ldap slapd2.4[21279]: <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ <what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::= <attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>] [realdnattr=<attrname>] [group[/<objectclass>[/<attrname>]][.<style>]=<group>] [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>] [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>] [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex | base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex <attrstyle> ::= exact | regex | base(Obj
Feb 11 13:33:07 ldap slapd2.4[21279]: conn=1034 op=4 RESULT tag=103 err=80 text=<olcAccess> handler exited with 1
I have OpenLDAP 2.4.22. If I remove "by peername.ip=127.0.0.1 read" it works.
Thanks for help!
Kind regards
Natalia
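
An added example, not part of the original message: the token "writeby" in the slapd log above is what LDIF unfolding (RFC 2849) produces when a continuation line begins with exactly one space, because that space is dropped when the lines are joined. The sketch below unfolds the ACL from the message both ways and reports fused tokens; that the poster's LDIF was folded with one space is an assumption, and the helper names `unfold` and `fused_tokens` are hypothetical.

```python
import re

# Access levels slapd accepts after a <who> clause (see slapd.access(5)).
LEVELS = "none|disclose|auth|compare|search|read|write|manage"
FUSED = re.compile(r"\b(%s)by\b" % LEVELS)

def unfold(ldif_text):
    """RFC 2849 unfolding: a line starting with one space continues the
    previous line, and exactly that one space is dropped."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def fused_tokens(ldif_text):
    """Return tokens such as 'writeby' found in unfolded olcAccess values."""
    hits = []
    for line in unfold(ldif_text):
        if line.lower().startswith("olcaccess:"):
            hits += [m.group(0) for m in FUSED.finditer(line)]
    return hits

# Constructed sample: the ACL from the message, folded with ONE leading space.
ONE_SPACE = (
    'olcAccess: to dn.subtree="ou=people,dc=example,dc=de"\n'
    ' by group.exact="cn=lda,ou=Endsysteme,dc=example,dc=de" write\n'
    ' by group.exact="cn=kon,ou=Endsysteme,dc=example,dc=de" read\n'
    ' by peername.ip=127.0.0.1 read\n'
    ' by * none\n'
)
# Same ACL folded with TWO leading spaces, so one space survives unfolding.
TWO_SPACES = ONE_SPACE.replace("\n by", "\n  by")

if __name__ == "__main__":
    print(fused_tokens(ONE_SPACE))   # clauses run together
    print(fused_tokens(TWO_SPACES))  # clauses stay separated
```

Running the same check over an LDIF file before passing it to ldapmodify shows whether every "by" clause is still a separate token once slapd has unfolded the value.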