Univention Bugzilla – Attachment 5807 Details for Bug 34203: IPv6 support for ldap/acl/read/ips
[patch] Add anonymous read from IPv6 addresses [UNTESTED]
34xxx_ldap-anonymous-ipv6.diff (text/plain), 3.79 KB, created by Philipp Hahn on 2014-02-26 14:26 CET
>diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave >index 933c37b..430a1d4 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave >+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave >@@ -24,10 +24,11 @@ if baseConfig['ldap/hostdn']: > print 'access to *' > if baseConfig.is_false('ldap/acl/read/anonymous'): > print ' by users read' >- ldap_acl_read_anonymous_ips = baseConfig.get('ldap/acl/read/ips') >- if ldap_acl_read_anonymous_ips: >- for ip in ldap_acl_read_anonymous_ips.split(','): >+ for ip in configRegistry.get('ldap/acl/read/ips', '').split(',') >+ if '.' in ip: > print ' by peername.ip=%s read' % ip >+ elif ':' in ip: >+ print ' by peername.ipv6=%s read' % ip > else: > print ' by * read' > print >diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end >index 47ba3de..b6a9170 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end >+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end 
>@@ -149,10 +149,11 @@ else: > print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr ) > if configRegistry.is_false('ldap/acl/read/anonymous'): > print ' by users read' >- ldap_acl_read_anonymous_ips = configRegistry.get('ldap/acl/read/ips') >- if ldap_acl_read_anonymous_ips: >- for ip in ldap_acl_read_anonymous_ips.split(','): >+ for ip in configRegistry.get('ldap/acl/read/ips', '').split(',') >+ if '.' in ip: > print ' by peername.ip=%s read' % ip >+ elif ':' in ip: >+ print ' by peername.ipv6=%s read' % ip > else: > print ' by * read' > >diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables >index 2503faf..aebb4d6 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables >+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-ldap/debian/univention-ldap-server.univention-config-registry-variables 
>@@ -121,8 +121,8 @@ Type=bool > Categories=service-ldap > > [ldap/acl/read/ips] >-Description[de]=Wenn die LDAP-Suche nur authentifiziert möglich ist (siehe 'ldap/acl/read/anonymous'), können einzelne IP-Adressen über diese Variable für den anonymen Lesezugriff freigeschaltet werden. Mehrere Werte werden durch Komma getrennt. >-Description[en]=If only authenticated LDAP searches are allowed (see 'ldap/acl/read/anonymous'), individual IP addresses can be granted anonymous read permissions via this variable. Multiple values are separated by commas. >+Description[de]=Wenn die LDAP-Suche nur authentifiziert möglich ist (siehe 'ldap/acl/read/anonymous'), können einzelne IPv4- und IPv6-Adressen über diese Variable für den anonymen Lesezugriff freigeschaltet werden. Mehrere Werte werden durch Komma getrennt. >+Description[en]=If only authenticated LDAP searches are allowed (see 'ldap/acl/read/anonymous'), individual IPv4 and IPv6 addresses can be granted anonymous read permissions via this variable. Multiple values are separated by commas. > Type=str > Categories=service-ldap >
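Review bot: In the 60univention-ldap-server_acl-slave hunk, the added line `for ip in configRegistry.get('ldap/acl/read/ips', '').split(',')` has no trailing colon, so the template will not parse. It also reads from configRegistry while the unchanged lines around it use baseConfig (`baseConfig.is_false('ldap/acl/read/anonymous')`); unless configRegistry is defined elsewhere in this template, the lookup raises a NameError while the ACL block is being rendered. Suggest `for ip in baseConfig.get('ldap/acl/read/ips', '').split(','):` in this file.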
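Review bot: In the 70univention-ldap-server_acl-master-end hunk, the `for ip in configRegistry.get('ldap/acl/read/ips', '').split(',')` line is missing its trailing colon, and `if '.' in ip:` is tested before `elif ':' in ip:`, so an IPv6 entry written with an embedded dotted quad (for example ::ffff:192.0.2.10) is emitted as peername.ip instead of peername.ipv6. Testing for ':' first avoids that. Entries are also used unstripped, so a space after a comma ends up inside the by clause; apply ip.strip() before the checks. Entries that match neither branch are now skipped without any message, which is worth a warning because the admin expects that host to have anonymous read access.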
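Review bot: In the univention-ldap-server.univention-config-registry-variables hunk, the new Description[de] and Description[en] texts for ldap/acl/read/ips promise IPv4 and IPv6 addresses but do not say which notation is accepted, while the two templates classify each entry only by whether it contains '.' or ':' and copy it unchanged into the by clause. Suggest documenting the expected form in both descriptions (plain address notation, comma-separated without surrounding spaces) so that a value the templates would skip or misclassify is not silently treated as a granted address.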