Bug 1564171
Summary: | aci with ip clause, ipv6 value, and wildcard is not working. | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | German Parente <gparente> |
Component: | 389-ds-base | Assignee: | mreynolds |
Status: | CLOSED WORKSFORME | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | unspecified | Priority: | unspecified |
Version: | 7.4 | CC: | gparente, nkinder, rmeggins |
Target Milestone: | rc | Last Closed: | 2018-06-07 12:24:00 UTC |
Hardware: | Unspecified | OS: | Unspecified |
Type: | Bug | | |
Description
German Parente
2018-04-05 14:32:39 UTC
Do IPv4 addresses with wildcards work? Or is it just IPv6?

I have tested wildcard and IPv4 and it works fine:

aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow( read,search,compare) (userdn="ldap:///anyone") and (ip="10.10.179.*");)

Upstream ticket: https://pagure.io/389-ds-base/issue/49724

So you cannot use "*" wildcards with IPv6 in ACIs, but you can use CIDR subnet prefix lengths.

So it would work like this:

2601:989:4400:4f30:128c:b936:66e7:58c6
2601:989:4400:4f30:128c:b936:66e7:* == 2601:989:4400:4f30:128c:b936:66e7::/112
2601:989:4400:4f30:128c:b936:* == 2601:989:4400:4f30:128c:b936::/96

(targetattr = "uid || cn") (version 3.0;acl "Enable anonymous access";allow (read,compare,search)(userdn = "ldap:///anyone") and (ip="2601:989:4400:4f30:128c:b936:66e7::/112");)
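Added example, not part of the bug report or of 389-ds-base: a Python helper for rewriting trailing-"*" address patterns as the equivalent CIDR network before putting them in an ACI ip clause, with a check of which client addresses the result covers. The function names are hypothetical; it assumes whole-group trailing wildcards and uncompressed IPv6 patterns, and it models the intended matching, not the server's own code.

```python
import ipaddress


def wildcard_to_cidr(pattern):
    """Convert a trailing-'*' pattern (IPv4 or uncompressed IPv6) to a network.

    Hypothetical helper. One or more trailing '*' groups stand for all
    remaining groups, as in the examples from the bug report.
    """
    if "::" in pattern:
        raise ValueError("compressed IPv6 ('::') is ambiguous with a wildcard")
    if ":" in pattern:
        sep, total, bits, base = ":", 8, 16, 16
    else:
        sep, total, bits, base = ".", 4, 8, 10
    groups = pattern.split(sep)
    fixed = []
    for group in groups:
        if group == "*":
            break
        fixed.append(group)
    if len(fixed) == len(groups):
        raise ValueError("no whole-group '*' in pattern")
    if any(group != "*" for group in groups[len(fixed):]):
        raise ValueError("wildcard must cover only trailing groups")
    if not fixed or len(groups) > total:
        raise ValueError("malformed pattern")
    for group in fixed:
        int(group, base)  # raises ValueError on a non-numeric group
    # Zero-fill the wildcarded groups; the prefix covers the fixed ones.
    padded = fixed + ["0"] * (total - len(fixed))
    return ipaddress.ip_network(f"{sep.join(padded)}/{bits * len(fixed)}")


def acl_ip_matches(client, pattern):
    """True if client falls inside pattern (wildcard or CIDR form)."""
    if "*" in pattern:
        net = wildcard_to_cidr(pattern)
    else:
        net = ipaddress.ip_network(pattern, strict=False)
    addr = ipaddress.ip_address(client)
    return addr.version == net.version and addr in net


if __name__ == "__main__":
    # Patterns taken from the bug report.
    for pat in ("10.10.179.*",
                "2601:989:4400:4f30:128c:b936:66e7:*",
                "2601:989:4400:4f30:128c:b936:*"):
        print(pat, "->", wildcard_to_cidr(pat))
```

Python prints the /112 network with a trailing ":0" rather than "::", which denotes the same network as the form used in the ACI above.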