[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3390) Comments in mutliline directive in slapd.conf are not allowed



Full_Name: Etienne Goyer
Version: 2.1.19
OS: Fedora Core 2
URL: 
Submission from: (NULL) (199.202.104.154)


Hi,

Not a bug per se, but it might be worth a mention in the documentation. 
Multiline directive, such as access directive often are, cannot contain embedded
comments as it stop evaluation of the directive at that point.  An exemple is
worth a thousand words :

access to attr=userPassword
    by * write
    # by dn=cn=passwordmanager,dc=domain,dc=com write
    by anonymous auth


This directive would make authentication impossible, as the ACL evaluation seem
to stop before the "by anonymous auth" line.

I guess it should be fairly obvious for experienced OpenLDAP admin, but I wasted
a fair amount of time recently pulling my hair about why authentication broke
when I configured ACL.  I guess a little mention in the "OpenLDAP Administrator
Guide" would be appropriate to steer beginning admin such as me.

Thanks !