Hello Kyle,

Thank you for your answer. I've implemented this solution and started slapd with -d 256 to make sure of the incoming IP address.
Unfortunately this solution doesn't work.

Regards
> From: Kyle Smith <[email protected]>
> To: Mik J <[email protected]>
>
> I can't find specifics on how it works, but the acls contain a "set" command
> so something like:
>
> access to <what>
>     by set="dn=[uid=myadmin,ou=people,dc=mydomain,dc=org] & peername.ip=1.1.1.1" read
>
> might work for you, although I don't know the actual syntax or if this is how
> it was meant to be used.
>
> The ACL reference is here:
> http://www.openldap.org/doc/admin24/access-control.html
>
> Kyle
>
>
> 2012/10/4 Mik J <[email protected]>
>
> Hello,
>>
>> I have this ACL that allows the users myadmin to list encrypted passwords
>>
>> access to attrs=userpassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
>>     by dn="uid=myadmin,ou=people,dc=mydomain,dc=org" read
>>
>> However this user my admin is supposed to come from one IP 1.1.1.1 only.
>> I think that the peername directive might help to achieve this task but I
>> don't know how to associate it with the user myadmin.
>> In conclusion I would like that the user myadmin coming from IP 1.1.1.1 be
>> able to see the encrypted passwords.
>> If the user myadmin comes from another IP like 2.2.2.2 he would not match the
>> ACL and therefore not be able to see encrypted passwords.
>>
>> Does anyone know what is the syntax?
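
An added example, not part of the original thread: slapd.access(5) allows several <who> terms in one "by" clause, and the clause matches only when all of them match, which gives the DN-plus-source-address condition asked about above. The "by self" and "by anonymous" lines are assumptions added so that binds and password changes keep working; they are not from the thread.

```conf
# slapd.conf fragment (added example, not from the thread).
#
# First "by" clause: dn.exact and peername.ip sit in the same clause, so
# both must match. myadmin connecting from 1.1.1.1 gets read access;
# myadmin connecting from 2.2.2.2 fails this clause and falls through.
#
# "by self write" and "by anonymous auth" are assumed here: they let each
# user change their own password and let simple binds compare against
# userPassword. Note that "self" applies to myadmin's own entry from any
# address, since write access includes read.
#
# "by * none" denies everyone else explicitly (it is also the implicit
# default when no clause matches).
#
# Comments are kept above the directive on purpose: slapd.conf unwraps
# continuation lines before it strips comments.
access to attrs=userPassword,shadowMax,shadowExpire,sambaLMPassword,sambaNTPassword,sambaPwdLastSet
    by dn.exact="uid=myadmin,ou=people,dc=mydomain,dc=org" peername.ip=1.1.1.1 read
    by self write
    by anonymous auth
    by * none
```

Place this before any broader rule such as "access to *", because slapd stops at the first "access to" whose target matches. Running slapd with -d 128 traces ACL evaluation; the address compared is the source address slapd sees on the connection, so a proxy or NAT in front of the server changes what matches.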
