Net Warrior wrote:
> Hi there guys, I've got the following configuration with slapd 2.3.19
>
> My aim is to restrict users depending on their IP and group, well, this
> configuration doesn't work, and this is the first ACL in slapd.conf
>
> access to attrs=userPassword,shadowLastChange
> by peername.ip=172.16.4.100%255.255.0.0 set="([uid=] + ([cn=Domain
> Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
> by users write
> by * none
>
>
> This one does
>
> access to attrs=userPassword,shadowLastChange
> by peername.regex=172\.16\.4\..* set="([uid=] + ([cn=Domain
> Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
> by users write
> by * none

It seems to me you're missing the point of the IP mask algorithm. It
works like this:

    (client_ip & mask) == peername.ip

If mask is not provided, a mask of 255.255.255.255 is assumed, resulting in

    client_ip == peername.ip

In your case, where

    client_ip = 172.16.4.100
    mask = 255.255.0.0
    peername.ip = 172.16.4.100

you get

    client_ip & mask = 172.16.0.0

and

    172.16.0.0 == 172.16.4.100 = FALSE

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: [EMAIL PROTECTED]
---------------------------------------
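
Added example, not part of the original message and not OpenLDAP code: a small Python check that applies the rule from the reply, (client_ip & mask) == peername.ip, and flags peername.ip clauses whose pattern has bits set outside the mask, since those can never match any client. The function names and the shortened sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Matches peername.ip=<ip>[%<mask>] as written in the ACLs quoted above.
PEERNAME_IP = re.compile(
    r"peername\.ip=(\d+\.\d+\.\d+\.\d+)(?:%(\d+\.\d+\.\d+\.\d+))?")

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def peername_ip_matches(client_ip, pattern_ip, mask="255.255.255.255"):
    """The rule from the reply: (client_ip & mask) == peername.ip."""
    return (_to_int(client_ip) & _to_int(mask)) == _to_int(pattern_ip)

def lint_peername_ip(conf_text):
    """Return (line_no, clause, masked_clause) for clauses that can never match.

    A clause is unsatisfiable when the pattern has bits set outside the mask,
    because (client_ip & mask) always has those bits cleared.
    masked_clause is the same clause with those bits cleared.
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        for m in PEERNAME_IP.finditer(line):
            ip, mask = m.group(1), m.group(2) or "255.255.255.255"
            ip_i, mask_i = _to_int(ip), _to_int(mask)
            if ip_i & ~mask_i & 0xFFFFFFFF:
                network = ipaddress.IPv4Address(ip_i & mask_i)
                findings.append(
                    (line_no, m.group(0), f"peername.ip={network}%{mask}"))
    return findings

# Constructed sample: the by-clause from the question (set= part omitted),
# followed by two forms that can match.
SAMPLE_CONF = """\
access to attrs=userPassword,shadowLastChange
    by peername.ip=172.16.4.100%255.255.0.0 auth
    by peername.ip=172.16.0.0%255.255.0.0 auth
    by peername.ip=172.16.4.100 auth
    by * none
"""

if __name__ == "__main__":
    for line_no, clause, masked in lint_peername_ip(SAMPLE_CONF):
        print(f"line {line_no}: {clause} can never match; "
              f"with this mask the pattern would be {masked}")
```

The masked clause keeps the mask as written, so it admits the whole 172.16.0.0/255.255.0.0 range, whereas the regex in the question covered only addresses beginning 172.16.4.; confirm the mask expresses the intended range before adopting it.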