Hi. Are you teling me that if I subtitute this by peername.ip=172.16.4.100%255.255.0.0 set="([uid=] + ([cn=Domain Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth
By this by peername.ip=172.16.4.100 set="([uid=] + ([cn=Domain Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth And by peername.ip=172.16.4.100 auth doesnt' work either. Will it works? cuz it doesn't, if not, sorry for my ilitracy , I did not understand. Thanks for your time. 2008/1/8, Pierangelo Masarati <[EMAIL PROTECTED]>: > > Net Warrior wrote: > > Hi there guys, I've got the following configuration with slapd 2.3.19 > > > > My aim is to restric users depending on their IP and group, well, this > > configuration doesn't work, and this is the first ACL in slapd.conf > > > > access to attrs=userPassword,shadowLastChange > > by peername.ip=172.16.4.100%255.255.0.0 set="([uid=] + ([cn=Domain > > Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth > > by users write > > by * none > > > > > > This one Does > > > > access to attrs=userPassword,shadowLastChange > > by peername.regex=172\.16\.4\..* set="([uid=] + ([cn=Domain > > Users,ou=Groups,dc=netwarrior,dc=com,dc=uy])" auth > > by users write > > by * none > > It seems to me you're missing the point of the IP mask algorithm. It > works like this: > > (client_ip & mask) == peername.ip > > If mask is not provided, a mask of 255.255.255.255 is assumed, resulting > in > > client_ip == peername.ip > > In your case, where > > client_ip = 172.16.4.100 > mask = 255.255.0.0 > peername.ip = 172.16.4.100 > > you get > > client_ip & mask = 172.16.0.0 > > and > > 172.16.0.0 == 172.16.4.100 = FALSE > > p. > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > --------------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Email: [EMAIL PROTECTED] > --------------------------------------- > > > --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
