Hope someone can explain this to me.  I am sure it is very trivial.  I have a primary LDAP server (10.16.13.84), a replica LDAP server (10.16.13.85) and a few clients all with a 10.16.13.x address.

Here is the access control I thought would work:

access  to *
  by self write
  by peername=10.16.13.84 write
  by peername=10.16.13.81 read
  by peername=10.16.13.82 read
  by peername=10.16.13.83 read
  by peername=10.16.13.85 read
  by peername=10.16.13.86 read

Here is what does work:

access to *
  by self write
  by peername.ip=10.16.13.84 write
  by * read

By work I mean that when I am on the replica (10.16.13.85) and issue an ldapsearch to itself I get a 32 no such object with the top access, but I get the expected result with the bottom access.

Brian Gaber