FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 07-15-2010, 08:02 AM
Deyan Stoykov
 
Default Host based ACI and LDAPI

Hi!

I'm running centos-ds-8.1.0-1.el5. When I set up a list of allowed hosts
for an ACI, in addition to non-matching hosts, requests via LDAPI are
rejected as well. This does make sense, but is there a way to allow
connections from a list of remote hosts and via LDAPI?

TIA,
Deyan

--
Deyan Stoykov, dstoykov@uni-ruse.bg
System administrator
University of Ruse
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-15-2010, 03:18 PM
Rich Megginson
 
Default Host based ACI and LDAPI

Deyan Stoykov wrote:
> Hi!
>
> I'm running centos-ds-8.1.0-1.el5. When I set up a list of allowed hosts
> for an ACI, in addition to non-matching hosts, requests via LDAPI are
> rejected as well. This does make sense, but is there a way to allow
> connections from a list of remote hosts and via LDAPI?
>
Can you provide the exact aci you're using?
> TIA,
> Deyan
>
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-16-2010, 11:18 AM
Deyan Stoykov
 
Default Host based ACI and LDAPI

Rich Megginson wrote:
> Deyan Stoykov wrote:
>> Hi!
>>
>> I'm running centos-ds-8.1.0-1.el5. When I set up a list of allowed hosts
>> for an ACI, in addition to non-matching hosts, requests via LDAPI are
>> rejected as well. This does make sense, but is there a way to allow
>> connections from a list of remote hosts and via LDAPI?
>>
> Can you provide the exact aci you're using?

(targetattr = "roomNumber || uid || ..... || telephoneNumber ||
facsimileTelephoneNumber")
(version 3.0;
acl "Anonymous access";
allow (read,compare,search)
(userdn = "ldap:///anyone") and
(ip="172.16.*.*")


Currently this excludes LDAPI and I'd like to allow it.

Regards,
Deyan

--
Deyan Stoykov, dstoykov@uni-ruse.bg
System administrator
University of Ruse
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 07-16-2010, 09:29 PM
Rich Megginson
 
Default Host based ACI and LDAPI

Deyan Stoykov wrote:
> Rich Megginson wrote:
>
>> Deyan Stoykov wrote:
>>
>>> Hi!
>>>
>>> I'm running centos-ds-8.1.0-1.el5. When I set up a list of allowed hosts
>>> for an ACI, in addition to non-matching hosts, requests via LDAPI are
>>> rejected as well. This does make sense, but is there a way to allow
>>> connections from a list of remote hosts and via LDAPI?
>>>
>>>
>> Can you provide the exact aci you're using?
>>
>
> (targetattr = "roomNumber || uid || ..... || telephoneNumber ||
> facsimileTelephoneNumber")
> (version 3.0;
> acl "Anonymous access";
> allow (read,compare,search)
> (userdn = "ldap:///anyone") and
> (ip="172.16.*.*")
>
>
> Currently this excludes LDAPI and I'd like to allow it.
>
Please file a bug. I don't think the aci syntax knows about ldapi.
> Regards,
> Deyan
>
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 12:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org