Hello all,
I need help with three problems I'm facing with my OpenLDAP implementation, please.
First problem: I'm able to connect to my LDAP server on port 636 without a problem from the same subnet, but not from outside over the Internet. What I want to achieve is to be able to connect from a particular range of static IPs.
The ACL part of my slapd.conf is:
access to attrs=userPassword,shadowLastChange
    by dn="uid=authenticate,ou=System,dc=example.com" read
    by dn="uid=myusername,ou=Users,ou=bca,dc=example.com" read
    by anonymous auth
    by self write
access to attrs=givenName,sn,cn,mail
    by dn="uid=syncrepl,ou=system,dc=example.com" read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by self read
    by users auth
    by anonymous auth
access to attrs=uid
    by anonymous read
    by users read
access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
    by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write
access to *
    by dn.exact="uid=authenticate,ou=System,dc=example.com" none
    by users none break
    by self read
    by users read
    by * none
2nd problem: the following ACL does not work at all, or I'm doing something wrong:
access to attrs=givenName,sn,cn,mail
    by dn="uid=syncrepl,ou=system,dc=example.com" read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by anonymous peername.ip=some_static_ip read
    by self read
    by users auth
    by anonymous auth
I can't bind anonymously from 'some_static_ip' in order to fetch mail, givenName, etc. into the Thunderbird address book, for example.
3rd problem, and the last! If I reboot the master server, then the slave does not bind correctly and email etc. does not work at all, even though it is configured on that server (the slave). Also, when I reboot the servers, the master must come up first, as otherwise I'm not able to connect until I reboot the slave server.
Both servers are running on Ubuntu 9.04, if that matters in any way. See output:
root@masterldap:/etc/ldap# dpkg -l slapd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  slapd          2.4.15-1ubuntu OpenLDAP server (slapd)
I have also attached the whole slapd.conf file of my master server in case that helps more.
Any help or suggestion is much appreciated.
openldap-technical@openldap.org
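An added example, not part of the thread and not code from OpenLDAP: a small Python model of the evaluation order described in slapd.access(5) (first matching "access to" directive, first matching "by" clause inside it, implicit "by * none" when none matches, the "break" control), run over a constructed copy of the posted rules. It assumes dc=example,dc=com DNs, 203.0.113.10 in place of some_static_ip and a user entry uid=bob,ou=Users,dc=example,dc=com; it handles only the attrs= and * targets and the selectors the posted rules use. Besides read on the attributes a client fetches, slapd returns an entry from a search only when the requester has read access to its "entry" pseudo-attribute, which an attrs= rule never covers, so the example evaluates both.

```python
"""Simplified model of how slapd evaluates slapd.conf access directives (added example; not
code from the post or from OpenLDAP). Per slapd.access(5): the first 'access to' directive
that matches the target is used; inside it the first matching 'by' clause wins (implicit
'by * none' if none does); 'break' carries on to later matching directives. Not modelled:
'continue', incremental +/- levels, dn-based <what> targets, the default for unmatched targets."""
import ipaddress
import shlex
from collections import namedtuple

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# bind_dn None = anonymous bind; attr is an attribute name or "entry" (the entry itself)
Request = namedtuple("Request", "bind_dn peer_ip target_dn attr")

def _norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_acl(text):
    """Return [(attrs, clauses)]; attrs None = every attribute, clause = (selectors, level, control)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:  # slapd.conf continuation line
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    acls = []
    for line in lines:
        toks = shlex.split(line)  # drops the quotes around DNs
        cut = [i for i, t in enumerate(toks) if t == "by"] + [len(toks)]
        what = toks[2:cut[0]]
        ok = toks[:2] == ["access", "to"] and len(what) == 1 and (what[0] == "*" or what[0].startswith("attrs="))
        if not ok:
            raise ValueError(f"unsupported directive: {line!r}")
        attrs = set(what[0][6:].split(",")) if what[0] != "*" else None
        clauses = []
        for bp in (toks[a + 1:b] for a, b in zip(cut, cut[1:])):
            control = bp.pop() if bp[-1] in ("stop", "break") else "stop"
            level = bp.pop()
            if level not in LEVELS:
                raise ValueError(f"unsupported access level: {level}")
            sels = [tuple(s.split("=", 1)) if "=" in s else (s, None) for s in bp]
            clauses.append((sels, level, control))
        acls.append((attrs, clauses))
    return acls

def _who_matches(kind, value, req):
    if kind == "*":
        return True
    if kind == "anonymous":
        return req.bind_dn is None
    if kind == "users":
        return req.bind_dn is not None
    if kind == "peername.ip":  # slapd form ip[%netmask]; a bare address matches one host
        ip, _, mask = value.partition("%")
        net = ipaddress.ip_network(f"{ip}/{mask}" if mask else ip, strict=False)
        return ipaddress.ip_address(req.peer_ip) in net
    if req.bind_dn is None:  # the DN-based selectors never match an anonymous bind
        return False
    if kind == "self":
        return _norm(req.bind_dn) == _norm(req.target_dn)
    if kind == "dn.exact":
        return _norm(req.bind_dn) == _norm(value)
    raise ValueError(f"unsupported <who> selector: {kind}")

def granted_level(acls, req):
    """Return (level, trace); level is None if no directive matched the target."""
    trace, level = [], None
    for i, (attrs, clauses) in enumerate(acls, 1):
        if attrs is not None and req.attr not in attrs:
            continue
        for sels, lvl, control in clauses:
            if all(_who_matches(k, v, req) for k, v in sels):
                who = " ".join(k if v is None else f"{k}={v}" for k, v in sels)
                trace.append(f"directive {i}: by {who} {lvl} ({control})")
                level = lvl
                break
        else:
            trace.append(f"directive {i}: no 'by' clause matched, implicit 'by * none'")
            return "none", trace
        if control != "break":
            return level, trace
    return level, trace

def allowed(acls, req, needed):
    level = granted_level(acls, req)[0]
    return level is not None and LEVELS.index(level) >= LEVELS.index(needed)

# Constructed sample (not the poster's file): the posted directives an anonymous address-book
# lookup touches, with dc=example,dc=com DNs and 203.0.113.10 standing in for "some_static_ip".
ACL_TEXT = """
access to attrs=givenName,sn,cn,mail
    by dn.exact="uid=syncrepl,ou=System,dc=example,dc=com" read
    by anonymous peername.ip=203.0.113.10 read
    by self read
    by users auth
    by anonymous auth
access to *
    by dn.exact="uid=authenticate,ou=System,dc=example,dc=com" none
    by users none break
    by self read
    by users read
    by * none
"""
BOB = "uid=bob,ou=Users,dc=example,dc=com"

if __name__ == "__main__":
    # A search returns an entry only with read on its "entry" pseudo-attribute, so check it too.
    for attr in ("mail", "entry"):
        level, trace = granted_level(parse_acl(ACL_TEXT), Request(None, "203.0.113.10", BOB, attr))
        print(f"anonymous from 203.0.113.10, {attr}: {level}  [{'; '.join(trace)}]")
```

Running it prints the clause that decided each request, which makes it easy to see why an anonymous client from the allowed address gets read on mail but none on the entry itself. On a real server the equivalent check is an anonymous ldapsearch -x from the address in question with "loglevel acl" set in slapd.conf, which logs the clause that granted or denied each access.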