Tried your suggestion. Search still fails. Here is the log:
entry_decode: "SFTid=0001-00000000,ou=servers,o=sft"
Jul 5 11:05:09 ias2 slapd[11516]: <= entry_decode(SFTid=0001-00000000,ou=servers,o=sft)
Jul 5 11:05:09 ias2 slapd[11516]: => bdb_dn2id("SFTid=0001-00000000,ou=servers,o=sft")
Jul 5 11:05:09 ias2 slapd[11516]: <= bdb_dn2id: got id=0x0000002f
Jul 5 11:05:09 ias2 slapd[11516]: => test_filter
Jul 5 11:05:09 ias2 slapd[11516]: EQUALITY
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access to "SFTid=0001-00000000,ou=servers,o=sft" "SFTid" requested
Jul 5 11:05:09 ias2 slapd[11516]: => acl_get: [1] attr SFTid
Jul 5 11:05:09 ias2 slapd[11516]: => acl_mask: access to entry "SFTid=0001-00000000,ou=servers,o=sft", attr "SFTid" requested
Jul 5 11:05:09 ias2 slapd[11516]: => acl_mask: to value by "", (=0)
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_dn_pat: self
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_peername_path: 10.16.13.84
Jul 5 11:05:09 ias2 slapd[11516]: <= check a_peername_path: ^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => acl_string_expand: pattern: ^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => acl_string_expand: expanded: ^IP=10.16.13.8[1-6]:
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: string:^I IP=127.0.0.1:46724
Jul 5 11:05:09 ias2 slapd[11516]: => regex_matches: rc: 1 no matches
Jul 5 11:05:09 ias2 slapd[11516]: <= acl_mask: no more <who> clauses, returning =0 (stop)
Jul 5 11:05:09 ias2 slapd[11516]: => access_allowed: search access denied by =0
Jul 5 11:05:09 ias2 slapd[11516]: <= test_filter 50
Jul 5 11:05:09 ias2 slapd[11516]: bdb_search: 47 does not match filter
-----Original Message-----
From: Hallvard [mailto:h.b.furuseth@usit.uio.no]
Sent: Thursday, July 05, 2007 10:27 AM
To: Brian Gaber
Cc: openldap-software@openldap.org
Subject: Re: Challenge With Access Control
Brian Gaber writes:
access to *
        by self write
        by peername=10.16.13.84 write
        by peername=10.16.13.81 read
        by peername=10.16.13.82 read
        by peername=10.16.13.83 read
        by peername=10.16.13.85 read
        by peername=10.16.13.86 read
Use peername.ip instead of peername, just like in the one which does work.
Or replace the "read" lines with
        by peername.regex="^IP=10.16.13.8[1-6]:" read
-- Regards, Hallvard
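A small Python model of the clause walk that the log above shows, added here as an illustration; it is not code from the thread or from OpenLDAP. It treats a plain peername= clause (no style) as an exact comparison against the whole peername string slapd builds (the "IP=<addr>:<port>" form visible in the regex_matches line), peername.ip= as a comparison against the address part only, and peername.regex= as a regular expression over the whole string. Clauses are tried in order and the first match decides, which is what the "(stop)" in the acl_mask line means; an anonymous bind (the empty "" in the log) never satisfies "self". The peername strings, the bind DN arguments and the ldapi "PATH=" form are constructed sample input; the netmask and port suffixes that the real peername.ip style also accepts are not modelled.

```python
import re
from dataclasses import dataclass

# Added example, not OpenLDAP code: a simplified model of how slapd walks the
# <who> clauses of one "access to" directive.  Clauses are tried in order; the
# first one that matches decides the access level; no match means "none".


@dataclass
class Who:
    kind: str      # "self", "peername", "peername.ip" or "peername.regex"
    pattern: str   # text after "=" in slapd.conf ("" for self)
    access: str    # "read", "write", ...


def parse_who_clauses(directive):
    """Extract the 'by <who>[=<pattern>] <access>' clauses of a directive, in order."""
    pat = r'\bby\s+(\S+?)(?:=("[^"]*"|\S+))?\s+(\w+)'
    return [Who(kind, pattern.strip('"'), access)
            for kind, pattern, access in re.findall(pat, directive)]


def parse_peername(peername):
    """Split "IP=10.16.13.84:46724" into ("10.16.13.84", 46724); None for non-IP peers."""
    m = re.fullmatch(r"IP=([0-9.]+):([0-9]+)", peername)
    return (m.group(1), int(m.group(2))) if m else None


def who_matches(who, peername, bind_dn, target_dn):
    if who.kind == "self":
        # an anonymous bind ("" in the log) is never "self"
        return bind_dn != "" and bind_dn == target_dn
    if who.kind == "peername":
        # no style given: exact comparison against the whole peername string,
        # so "10.16.13.84" never equals "IP=10.16.13.84:46724"
        return peername == who.pattern
    if who.kind == "peername.ip":
        parsed = parse_peername(peername)        # None for e.g. "PATH=..." (ldapi)
        return parsed is not None and parsed[0] == who.pattern
    if who.kind == "peername.regex":
        return re.search(who.pattern, peername) is not None
    raise ValueError("unsupported <who> form: " + who.kind)


def access_allowed(clauses, peername, bind_dn="", target_dn=""):
    """Access level granted by the first matching clause, "none" if nothing matches."""
    for who in clauses:
        if who_matches(who, peername, bind_dn, target_dn):
            return who.access
    return "none"


# The three directives discussed in the thread.
AS_POSTED_TEXT = (
    "access to * by self write by peername=10.16.13.84 write "
    "by peername=10.16.13.81 read by peername=10.16.13.82 read "
    "by peername=10.16.13.83 read by peername=10.16.13.85 read "
    "by peername=10.16.13.86 read")
AS_POSTED = parse_who_clauses(AS_POSTED_TEXT)
WITH_IP = parse_who_clauses(AS_POSTED_TEXT.replace("peername=", "peername.ip="))
WITH_REGEX = parse_who_clauses(
    'access to * by self write by peername.ip=10.16.13.84 write '
    'by peername.regex="^IP=10.16.13.8[1-6]:" read')

# Constructed peername strings in the form slapd renders them.
SAMPLE_PEERS = ["IP=10.16.13.84:46724", "IP=10.16.13.82:5000",
                "IP=127.0.0.1:46724", "PATH=/var/run/slapd/ldapi"]

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("peername.ip", WITH_IP),
                      ("peername.regex", WITH_REGEX)):
        for peer in SAMPLE_PEERS:
            print(f"{name:15} {peer:28} -> {access_allowed(acl, peer)}")
```

Running it shows why the posted directive could never grant anything to the 10.16.13.8x hosts, and why the regex version still denies the connection in the log: its peername is IP=127.0.0.1:46724, which no clause covers.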