diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave
index 933c37b..430a1d4 100644
--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave
+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave
@@ -24,10 +24,11 @@ if baseConfig['ldap/hostdn']:
 print 'access to *'
 if baseConfig.is_false('ldap/acl/read/anonymous'):
 print ' by users read'
- ldap_acl_read_anonymous_ips = baseConfig.get('ldap/acl/read/ips')
- if ldap_acl_read_anonymous_ips:
- for ip in ldap_acl_read_anonymous_ips.split(','):
+ for ip in configRegistry.get('ldap/acl/read/ips', '').split(',')
+ if '.' in ip:
 print ' by peername.ip=%s read' % ip
+ elif ':' in ip:
+ print ' by peername.ipv6=%s read' % ip
 else:
 print ' by * read'
 print
diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
index 47ba3de..b6a9170 100644
--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
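Review bot: The loop header added in the 60univention-ldap-server_acl-slave hunk, `for ip in configRegistry.get('ldap/acl/read/ips', '').split(',')`, has no trailing colon, so the Python section cannot parse; the same line is added without the colon in the 70univention-ldap-server_acl-master-end hunk. Both should end in `.split(','):`, as the removed `for` line did. These fragments print the closing `access to *` rules, so a template that fails to render presumably leaves the generated slapd configuration without the intended read ACL or unable to load; rendering both templates once before release would catch this. The slave hunk also moves this one lookup from `baseConfig` to `configRegistry` while its context lines still use `baseConfig`, so confirm that name is defined in this template or keep `baseConfig.get(...)`. The enclosing `if baseConfig['ldap/hostdn']:` block starts outside the hunk.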
@@ -149,10 +149,11 @@ else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
 if configRegistry.is_false('ldap/acl/read/anonymous'):
 print ' by users read'
- ldap_acl_read_anonymous_ips = configRegistry.get('ldap/acl/read/ips')
- if ldap_acl_read_anonymous_ips:
- for ip in ldap_acl_read_anonymous_ips.split(','):
+ for ip in configRegistry.get('ldap/acl/read/ips', '').split(',')
+ if '.' in ip:
 print ' by peername.ip=%s read' % ip
+ elif ':' in ip:
+ print ' by peername.ipv6=%s read' % ip
 else:
 print ' by * read'
diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables
index 2503faf..aebb4d6 100644
--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables
+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables
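Review bot: In the 70univention-ldap-server_acl-master-end hunk the entries of `ldap/acl/read/ips` reach the `by peername...` clauses exactly as split, with no `strip()` and only a substring test choosing the style; the identical loop in 60univention-ldap-server_acl-slave has the same gap. A value such as `10.0.0.1, 10.0.0.2` yields ` 10.0.0.2` with a leading space inside the clause, and any string containing a dot (a hostname, or an IPv4-mapped IPv6 address that has both `.` and `:`) is written as `peername.ip`. Because these lines decide which peers get anonymous read access, I would normalise with `ip = ip.strip()` and emit a clause only when `socket.inet_pton(socket.AF_INET, ip)` or `socket.inet_pton(socket.AF_INET6, ip)` accepts the value, skipping anything else so that a malformed entry fails closed. If existing deployments rely on a mask or port suffix in this variable, that form would need to be split off before the check. The enclosing `else:` branch starts outside the hunk.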
@@ -121,8 +121,8 @@ Type=bool
 Categories=service-ldap
 [ldap/acl/read/ips]
-Description[de]=Wenn die LDAP-Suche nur authentifiziert möglich ist (siehe 'ldap/acl/read/anonymous'), können einzelne IP-Adressen über diese Variable für den anonymen Lesezugriff freigeschaltet werden. Mehrere Werte werden durch Komma getrennt.
-Description[en]=If only authenticated LDAP searches are allowed (see 'ldap/acl/read/anonymous'), individual IP addresses can be granted anonymous read permissions via this variable. Multiple values are separated by commas.
+Description[de]=Wenn die LDAP-Suche nur authentifiziert möglich ist (siehe 'ldap/acl/read/anonymous'), können einzelne IPv4- und IPv6-Adressen über diese Variable für den anonymen Lesezugriff freigeschaltet werden. Mehrere Werte werden durch Komma getrennt.
+Description[en]=If only authenticated LDAP searches are allowed (see 'ldap/acl/read/anonymous'), individual IPv4 and IPv6 addresses can be granted anonymous read permissions via this variable. Multiple values are separated by commas.
 Type=str
 Categories=service-ldap