IP clause in ACI attributes
On 04/26/2012 03:06 PM, Iain Morgan wrote:
I'm attempting to use an IP clause in an ACI attribute to restrict
privileges for a particular DN to connections from a particular host.
The ACI attribute is successfully added by ldapmodify, but does not
work. As a workaround, I had to use a DNS clause instead, but this is
not desirable from either a performance or a security perspective.
The access log shows the connection coming from the expected IPv4
address, but when I enabled the appropriate debugging level I found that
the server was complaining about an IPv6 address.
It looks like the server is getting an address in the v4-in-v6 format
and since the ACLs do not support IPv6, the particular ACL fails.
Unfortunately, I seem to be at a loss to force the system to return IPv4
addresses. Any suggestions?
The system is running RHEL 6 with 389 DS 220.127.116.11.
/etc/modprobe.d/ipv6.conf has already been configured to disable IPv6
Sounds like a bug - perhaps this is a symptom of
389 users mailing list