On 05/07/07, Brian Gaber <[EMAIL PROTECTED]> wrote:
Hope someone can explain this to me. I am sure it is very trivial. I have a primary LDAP server (10.16.13.84), a replica LDAP server (10.16.13.85) and a few clients all with a 10.16.13.x address.

Here is the access control I thought would work:

    access to *
        by self write
        by peername=10.16.13.84 write
        by peername=10.16.13.81 read
        by peername=10.16.13.82 read
        by peername=10.16.13.83 read
        by peername=10.16.13.85 read
        by peername=10.16.13.86 read

Here is what does work:

    access to *
        by self write
        by peername.ip=10.16.13.84 write
        by * read

By work I mean that when I am on the replica (10.16.13.85) and issue an ldapsearch to itself I get a 32 no such object with the top access, but I get the expected result with the bottom access.
I am not 100% sure, but maybe this will help you (I am using a similar ACL). AFAIR in the peername you need to add the "IP=" - but I don't really remember, please correct me.

The regex matching directive that works for me looks like this:

    by peername.regex="IP=10\.10\.120\..+" read

Then you could try:

    by peername.regex="IP=10\.16\.13\.8[1-6]" read

And please double check if you need to supply the "IP=10.10.10.10" for the "by peername" without regex.

The regex solution will not conflict with the first entry, as write permission includes reading (and ACL parsing stops on the first matched rule).

Hope this helps.

Regards,
Michal
Brian Gaber
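To see why the first ACL leaves the replica with no access while the other two grant read, here is a small Python model of slapd's first-match evaluation over the three peername styles discussed in the thread. This is an added example, not code from the thread or from OpenLDAP; it assumes the peername slapd builds for a TCP client has the form IP=<address>:<port>, that the regex style is an unanchored search, and that the ldapsearch is anonymous, so "self" never matches.

```python
import re
import ipaddress

# Constructed peername of the kind slapd builds for a TCP client: "IP=<address>:<port>".
REPLICA = "IP=10.16.13.85:41234"

def who_matches(who, peername):
    """Evaluate one <who> selector of a 'by' clause against a peername string."""
    if who == "*":
        return True
    if who == "self":             # assumption: anonymous ldapsearch, so self never applies
        return False
    style, _, pattern = who.partition("=")
    if style == "peername":       # plain style: exact comparison with the whole value
        return peername == pattern
    if style == "peername.ip":    # address part only, optional <addr>%<mask>
        addr = (peername[3:] if peername.startswith("IP=") else peername).rsplit(":", 1)[0]
        net, _, mask = pattern.partition("%")
        if mask:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(net + "/" + mask, strict=False)
        return addr == net
    if style == "peername.regex":  # assumption: unanchored search, like POSIX regexec
        return re.search(pattern.strip('"'), peername) is not None
    raise ValueError("unsupported selector: " + who)

def access_for(by_clauses, peername):
    """First matching 'by' clause wins; no match at all means no access (hence error 32)."""
    for who, level in by_clauses:
        if who_matches(who, peername):
            return level
    return "none"

# The three ACLs from the thread, as (who, access) pairs in their original order.
NOT_WORKING = [("self", "write"), ("peername=10.16.13.84", "write")] + [
    ("peername=10.16.13.%d" % h, "read") for h in (81, 82, 83, 85, 86)]
WORKING = [("self", "write"), ("peername.ip=10.16.13.84", "write"), ("*", "read")]
REGEX = [("self", "write"), ("peername.ip=10.16.13.84", "write"),
         ('peername.regex="IP=10\\.16\\.13\\.8[1-6]"', "read")]

if __name__ == "__main__":
    for name, acl in (("not working", NOT_WORKING), ("working", WORKING), ("regex", REGEX)):
        print(name, "->", access_for(acl, REPLICA))
```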