Aaron Richton wrote:
If the copier has a Bind DN option, then something along the lines of...
access to dn.subtree="ou=Engineering,dc=example,dc=com"
by dn.exact="cn=EngineeringCopier,ou=Engineering,dc=example,dc=com" read
by [...everythingelse...]
access to *
by dn.exact="cn=EngineeringCopier,ou=Engineering,dc=example,dc=com" none
by [...everythingelse...]
Excellent, I thought ACLs were restricted to attributes only, not to
whole entries.
If it doesn't, you could substitute the "dn.exact" with "peername.ip."
Super disgusting, but it'd probably work.
Bind dn option failed because printer doesn't allow to install ca
certificates, nor to do ssl/tls without checking server certificates,
and autentication is only permitted through encrypted connection, so I
had to rely on copier IP.
Thanks !
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62