Re: naming attribute error (ITS#2938)
> OK, that allows me to slapadd my ldif file, thanks.
Do you confirm I can close the ITS?
>
> However, when I uncomment this acl:
> access to dn="ucrCid=.+,ou=old,dc=ucr,dc=edu"
> by * none
> Both slapadd and slapd complain that there is a "bad DN ... in to DN
> clause" (in reference to that acl).
This has nothing to do with the above error.
You're using a regular expression in an ACL
<what> clause that needs an exact DN, and
what you're providing is incorrect as per
RFC 2253; if you mean to use a regex you
need to write
access to dn.regex="ucrCid=.+,ou=old,dc=ucr,dc=edu"
Note that this ACL could be far from appropriate,
since it is likely to match more than what
you intended. If you mean access to any
entry with "ucrCid=" and ",ou=old,dc=ucr,dc=edu"
anywhere, provided they're in this order, then
you're fine. If you mean entries one level below
"ou=old,dc=ucr,dc=edu" and with ucrCid as the only
AVA in their RDN, since ucrCid should only be made
of digits you can use
access to dn.regex="^ucrCid=[0-9]+,ou=old,dc=ucr,dc=edu$$"
If you don't really mind about the attribute type
of the RDN, this is just fine:
access to dn.onelevel="ou=old,dc=ucr,dc=edu"
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
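
Added example, not part of the original message and not OpenLDAP code: a small Python check of which DNs each of the three <what> forms discussed above would select. Assumptions: Python's re stands in for slapd's regex matching, the trailing "$$" in the slapd.conf line is taken as a single end anchor, DNs are compared as plain strings without normalization, and all sample DNs are constructed.

```python
import re

BASE = "ou=old,dc=ucr,dc=edu"

# The two patterns from the message. Assumption: the trailing "$$" in the
# slapd.conf line stands for a single end-of-string anchor.
UNANCHORED = re.compile(r"ucrCid=.+,ou=old,dc=ucr,dc=edu")
ANCHORED = re.compile(r"^ucrCid=[0-9]+,ou=old,dc=ucr,dc=edu$")

def split_rdns(dn):
    """Split a DN on commas not preceded by a backslash (simplified)."""
    return re.split(r"(?<!\\),", dn)

def is_onelevel(dn, base=BASE):
    """True if dn sits exactly one RDN below base (plain string compare)."""
    rdns = split_rdns(dn)
    return len(rdns) > 1 and ",".join(rdns[1:]) == base

def classify(dn):
    """Return which of the three <what> forms would select this DN."""
    return {
        "regex_unanchored": UNANCHORED.search(dn) is not None,
        "regex_anchored": ANCHORED.search(dn) is not None,
        "onelevel": is_onelevel(dn),
    }

# Constructed sample DNs, not taken from any real directory.
SAMPLES = [
    "ucrCid=12345,ou=old,dc=ucr,dc=edu",            # the intended target
    "cn=alias,ucrCid=12345,ou=old,dc=ucr,dc=edu",   # child of a target entry
    "ucrCid=12345,ou=people,ou=old,dc=ucr,dc=edu",  # two levels below the base
    "ucrCid=12345,ou=old,dc=ucr,dc=edu,o=other",    # base string not at the end
    "ucrCid=1+cn=x,ou=old,dc=ucr,dc=edu",           # multi-valued RDN
    "uid=jdoe,ou=old,dc=ucr,dc=edu",                # different naming attribute
]

if __name__ == "__main__":
    for dn in SAMPLES:
        hits = [name for name, ok in classify(dn).items() if ok]
        print(f"{dn:46} -> {', '.join(hits) or 'no match'}")
```

Only the first sample is selected by all three forms; the unanchored regex also selects the next four, which is the over-matching the message warns about.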