LFCS Question #187: Real Exam Question with Answer & Explanation

The correct answer is A: by peername=192.168.1.*. To grant access to all hosts within a specific subnet (e.g., 192.168.1.0/24) in OpenLDAP ACLs, the by peername clause is used with a wildcard. The by peername=192.168.1.* directive correctly matches any IP address starting with 192.168.1.

Submitted by luis.pe· Apr 18, 2026Networking

Question

Which of the following ACL lines allows access to all hosts that have an IP address that starts with 192.168.1?

Options

Aby peername=192.168.1.*
Bby peername=192.168.1.
Cby ipaddress=192.168.1.*
Dby ipaddress=192.168.1.

Explanation

To grant access to all hosts within a specific subnet (e.g., 192.168.1.0/24) in OpenLDAP ACLs, the by peername clause is used with a wildcard. The by peername=192.168.1.* directive correctly matches any IP address starting with 192.168.1.

Common mistakes.

B. The entry by peername=192.168.1. without a wildcard would only match the exact IP address 192.168.1., which is usually not a valid IP and would not cover an entire subnet.
C. by ipaddress is not a recognized keyword in OpenLDAP ACLs for specifying client IP addresses; by peername is the correct directive for this purpose.
D. Similar to (C), by ipaddress is an incorrect keyword, and even if it were, 192.168.1. without a wildcard would not match the entire subnet.

Concept tested. OpenLDAP ACL IP subnet matching

Reference. https://www.openldap.org/doc/admin24/access.html

Topics

#Network ACLs#IP address filtering#Wildcard matching

Community Discussion

No community discussion yet for this question.

Full LFCS Practice Browse All LFCS Questions