Damon.Groenveld@ca.com wrote:
> Given that the code (in aclparse.c) calls inet_addr() with the peername.ip parameter, I can't see how it could work with IPv6.
> The only possible workaround is using a regex instead of ip type which bypasses the inet_addr() call.
> I raised it as a bug since the latest version (as far as I can tell) is meant to support IPv6 and there is no way that peername.ip does and there isn't an alternative.

The peername.ip was designed with IPv4 in mind. A patch to support IPv6 in ACLs would be welcome, though. In the meanwhile, I believe a regex style would be the solution, but note that I have no idea of how IPv6 would be stringified in the peername. Note that the whole issue is of questionable relevance, since IP-based access checking is not considered trustable.

> I asked the question regarding other ways to restrict access since I noted that the documentation mentions TCP Wrappers and has a see also of host_options(5) -- which does not exist,

Apparently that should be hosts_options(5):

$ apropos hosts_options
hosts_options (5) - host access control language extensions

Can you point me to the incorrect documentation?

> so I was hoping that some advice might come while someone looked at the problem (if or when it was deemed important enough).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
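The inet_addr() limitation discussed in this thread, as an added C example that is not OpenLDAP's aclparse.c code and not part of the original message: inet_addr() only parses IPv4, while inet_pton() handles both families, which allows one family-agnostic prefix match. The names parse_addr, addr_in_prefix and inet_addr_rejects are hypothetical, and the input is assumed to be a bare address string, since the thread leaves open how IPv6 is stringified in the peername.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>

/* Parse a bare textual address (no port, no brackets) as IPv4 or IPv6.
 * Returns the address length in bytes (4 or 16), or -1 if unparseable. */
static int parse_addr(const char *s, unsigned char out[16], int *family)
{
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, s, &a4) == 1) {
        memcpy(out, &a4, 4); *family = AF_INET; return 4;
    }
    if (inet_pton(AF_INET6, s, &a6) == 1) {
        memcpy(out, &a6, 16); *family = AF_INET6; return 16;
    }
    return -1;
}

/* Returns 1 if addr lies inside net/prefixlen, 0 if it does not, and
 * -1 on a parse error or an out-of-range prefix length. A family
 * mismatch is "no match"; IPv4-mapped IPv6 addresses are not normalized. */
int addr_in_prefix(const char *addr, const char *net, int prefixlen)
{
    unsigned char a[16], n[16];
    int fa, fn;
    int la = parse_addr(addr, a, &fa);
    int ln = parse_addr(net, n, &fn);
    if (la < 0 || ln < 0) return -1;
    if (fa != fn) return 0;
    if (prefixlen < 0 || prefixlen > la * 8) return -1;
    int full = prefixlen / 8, rest = prefixlen % 8;
    if (memcmp(a, n, (size_t)full) != 0) return 0;
    if (rest) {
        unsigned char mask = (unsigned char)(0xFF << (8 - rest));
        if ((a[full] & mask) != (n[full] & mask)) return 0;
    }
    return 1;
}

/* inet_addr() understands IPv4 dotted quads only; anything else,
 * including every IPv6 literal, comes back as INADDR_NONE. */
int inet_addr_rejects(const char *s)
{
    return inet_addr(s) == INADDR_NONE;
}
```
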