I currently have my LDAP ACLs set up as follows:

access to attrs=userPassword,mail
    by self write
    by dnattr=owner write
    by anonymous auth
access to *
    by * read
I noticed there is an ACL setting called peername that I can use to limit access by IP. Ideally, what I would like to do is keep the above ACLs, and ALSO limit access by a certain group of IP addresses. Consider the following pseudocode:

access to (whatever)
    by (self AND ipaddr=(ip1|ip2|ip3)) write
    by (dnattr=owner AND ipaddr=(ip1|ip2|ip3)) write
    ... etc.

Basically, I want to allow self write ONLY if connecting from a certain group of IPs, allow dnattr=owner ONLY if connecting from a certain group of IPs, ... etc. You can probably see where I am going with this. Further, I want "access to * by * read" also limited to this, and if none of these match, deny all. How can I do this? Thanks!
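A concrete slapd.conf ACL that expresses the pseudocode above, added here as an illustration and not part of the original post. It relies on OpenLDAP slapd.access(5) semantics: several <who> specifiers on one `by` line must all match (logical AND); `peername.ip=` compares the client's TCP source address, optionally with a `%netmask`; the first `by` clause whose <who> matches decides the outcome; and anything that matches no `by` clause falls through to the implicit trailing `by * none`, which gives the "deny all" the question asks for. The addresses 10.0.0.5, 10.0.0.6 and the 192.0.2.0/24 block are placeholders standing in for ip1, ip2 and ip3.

```conf
# Added example, not from the original post. 10.0.0.5 and 10.0.0.6 are
# placeholder hosts and 192.0.2.0%255.255.255.0 is a placeholder subnet.
# Each "by" line carries two <who> specifiers (identity AND peer address);
# both must match. Because the first matching "by" clause wins, the same
# right is repeated once per allowed source. A self/owner/anonymous client
# connecting from any other address matches no clause and is denied by the
# implicit "by * none". No comments are placed inside the directives: in
# slapd.conf an indented line continues the previous directive.
access to attrs=userPassword,mail
    by self peername.ip=10.0.0.5 write
    by self peername.ip=10.0.0.6 write
    by self peername.ip=192.0.2.0%255.255.255.0 write
    by dnattr=owner peername.ip=10.0.0.5 write
    by dnattr=owner peername.ip=10.0.0.6 write
    by dnattr=owner peername.ip=192.0.2.0%255.255.255.0 write
    by anonymous peername.ip=10.0.0.5 auth
    by anonymous peername.ip=10.0.0.6 auth
    by anonymous peername.ip=192.0.2.0%255.255.255.0 auth

# Everything else is readable only from the same sources; any other peer
# falls through to the implicit "by * none".
access to *
    by peername.ip=10.0.0.5 read
    by peername.ip=10.0.0.6 read
    by peername.ip=192.0.2.0%255.255.255.0 read
```

Two caveats a practitioner would check before relying on this. First, `peername` is the TCP peer as slapd sees it: behind a load balancer or proxy every connection appears to come from the proxy's address, and over ldapi:// the peer is a Unix socket path (`peername.path=`), so the IP clauses above would never match. Second, a source-address check is an additional restriction, not an authentication mechanism; it does not replace the `self`, `dnattr=owner` and `anonymous auth` identity checks, which is why both specifiers sit on each `by` line rather than a bare `by peername.ip=... write`. If you prefer a single clause per right, `peername.regex=` matches against the full peer string in the form `IP=<addr>:<port>`, so an alternation such as `^IP=10\.0\.0\.(5|6):[0-9]+$` can OR several hosts in one line; the expanded form above is easier to audit.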