Given that the code (in aclparse.c) calls inet_addr() with the peername.ip parameter, I can't see how it could work with IPv6.
The only possible workaround is using a regex instead of the ip type, which bypasses the inet_addr() call.
I raised it as a bug since the latest version (as far as I can tell) is meant to support IPv6 and there is no way that peername.ip does and there isn't an alternative.
I asked the question regarding other ways to restrict access since I noted that the documentation mentions TCP Wrappers and has a see also of host_options(5) -- which does not exist, so I was hoping that some advice might come while someone looked at the problem (if or when it was deemed important enough).
Damon Groenveld CA Architect, Development tel: +61 3 9727 8920 fax: +61 3 9727 3491 mobile: +61 419 922 326 damon.groenveld@ca.com
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Friday, 17 November 2006 4:59 PM
To: Groenveld, Damon
Cc: openldap-its@openldap.org
Subject: Re: (ITS#4756) IPv6 Addresses are not supported in ACL peername
damon.groenveld@ca.com wrote:
> Full_Name: Damon Groenveld
> Version: LATEST
> OS: Solaris, WinXP, Linux, AIX, HP-UX
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (60.224.6.218)
>
> There does not seem to be the ability to specify an IPv6 address in the peername
> part of the ACL.
> Is there any other way to restrict access to a host IP address when using only
> IPv6 addresses?
Software usage questions should be directed to the OpenLDAP-software mailing list. There is no indication of a bug here, most likely this report should be closed.
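
The limitation discussed in this thread, as an added example that is not part of the original messages and not OpenLDAP's aclparse.c: inet_addr() rejects IPv6 literals, while a family-aware parse with inet_pton() plus a prefix comparison handles both families. The helper names `legacy_accepts`, `parse_ip` and `peer_in_prefix` are hypothetical, and the addresses are constructed samples from documentation ranges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>

/* Returns 1 if inet_addr() accepts the string, 0 if it rejects it.
 * inet_addr() only understands IPv4 dotted notation. */
int legacy_accepts(const char *s)
{
    return inet_addr(s) != INADDR_NONE;
}

/* Hypothetical helper: parse s as IPv4 or IPv6 into buf (16 bytes).
 * Returns the address length in bytes (4 or 16), or 0 on failure. */
static int parse_ip(const char *s, unsigned char *buf)
{
    if (inet_pton(AF_INET, s, buf) == 1) return 4;
    if (inet_pton(AF_INET6, s, buf) == 1) return 16;
    return 0;
}

/* Hypothetical helper: 1 if peer lies inside net/prefix_bits, 0 if not,
 * -1 on malformed input, address family mismatch or bad prefix length.
 * Failing closed on -1 is the caller's job in an access check. */
int peer_in_prefix(const char *peer, const char *net, int prefix_bits)
{
    unsigned char p[16], n[16];
    int plen = parse_ip(peer, p), nlen = parse_ip(net, n);
    int full, rem;

    if (plen == 0 || plen != nlen) return -1;
    if (prefix_bits < 0 || prefix_bits > plen * 8) return -1;

    full = prefix_bits / 8;   /* whole bytes covered by the prefix */
    rem = prefix_bits % 8;    /* leftover bits in the next byte */
    if (memcmp(p, n, (size_t)full) != 0) return 0;
    if (rem) {
        unsigned char mask = (unsigned char)(0xFF << (8 - rem));
        if ((p[full] & mask) != (n[full] & mask)) return 0;
    }
    return 1;
}
```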