I can't find specifics on how it works, but the ACLs contain a "set"
command, so something like:

access to <what>
     by set="dn=[uid=myadmin,ou=people,dc=mydomain,dc=org] &
peername.ip=1.1.1.1" read

might work for you, although I don't know the actual syntax or if this is
how it was meant to be used.

The ACL reference is here:
http://www.openldap.org/doc/admin24/access-control.html

Kyle

2012/10/4 Mik J <[email protected]>

> Hello,
>
> I have this ACL that allows the user myadmin to list encrypted passwords
>
>
> access to
> attrs=userpassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
>         by dn="uid=myadmin,ou=people,dc=mydomain,dc=org" read
>
>
> However, this user myadmin is supposed to come from one IP, 1.1.1.1, only.
> I think that the peername directive might help to achieve this task, but I
> don't know how to associate it with the user myadmin.
> In conclusion I would like that the user myadmin coming from IP 1.1.1.1 be
> able to see the encrypted passwords.
> If the user myadmin comes from another IP like 2.2.2.2 he would not match
> the ACL and therefore not be able to see encrypted passwords.
>
> Does anyone know what the syntax is?
>
>
>
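As an added worked example (this is not from either poster, and it is not the "set" approach Kyle floats): slapd allows several <who> specifiers in a single "by" clause, and all of them must match for that clause to apply (this is how the admin guide combines `ssf=` with `self` or `users`). So the DN and the client IP can be tied together directly with `dn.exact=` plus `peername.ip=` in one clause, no set expression needed. The DN, attribute list and IP below are taken from the question; the trailing "by" clauses and the catch-all rule are assumptions about the rest of the policy.

```conf
# Added example (not from the thread): one slapd.conf ACL in which the
# bind DN AND the client IP must both match before myadmin gets read
# access to the password attributes. A bind as myadmin from 2.2.2.2
# does not match the first "by" clause and falls through to the later
# ones, ending at "by * none".
#
# ACLs are evaluated in order and the first "access to" that matches the
# target entry/attributes wins, so this rule must come before any
# broader "access to *" rule.
access to attrs=userPassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
        by dn.exact="uid=myadmin,ou=people,dc=mydomain,dc=org" peername.ip=1.1.1.1 read
        # Assumption: anonymous binds still need "auth" on userPassword
        # for simple binds to work at all.
        by anonymous auth
        # Explicit default: everyone else, including myadmin from any
        # other address, gets nothing on these attributes.
        by * none

# Assumption: the rest of the tree stays readable as before.
access to *
        by * read
```

Caveats a practitioner will hit: `peername.ip` is the address of the TCP peer as slapd sees it, so a load balancer or NAT in front of slapd makes every client look like that device, and `ldapi://` connections have no IP at all (use `peername.path` for those). The rootdn bypasses ACLs entirely, so myadmin must be an ordinary entry, not the database's rootdn. If users should be able to change their own password, add `by self =xw` (auth plus write, no read) before `by * none`; plain `by self write` would also let them edit their own shadowExpire and shadowMax. Under cn=config the same line goes into an `olcAccess` value with its `{n}` ordering prefix. To check the result, bind as myadmin with `ldapsearch -x -D "uid=myadmin,ou=people,dc=mydomain,dc=org" -W ... userPassword` once from 1.1.1.1 and once from another host: the first should return the attribute, the second should return the entries without it.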
