[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3390) Comments in mutliline directive in slapd.conf are not allowed
Quoting the admin guide http://www.openldap.org/doc/admin22/slapdconfig.html
Blank lines and comment lines beginning with a '#' character
are ignored. If a line begins with white space, it is considered
a continuation of the previous line (even if the previous line
is a comment).
This means that only lines __beginning__ with '#' are treted as comments,
and all lines beginning with a blank are continuations, even when comments
are continued. You may like it or not, but it is documented indeed.
Improvements to the documentation, to the mn pages and to the FAQ are
welcome, of course, thru the ITS (see
http://www.openldap.org/devel/contributing.html for guidelines on how to
contribute).
p.
> Full_Name: Etienne Goyer
> Version: 2.1.19
> OS: Fedora Core 2
> URL:
> Submission from: (NULL) (199.202.104.154)
>
>
> Hi,
>
> Not a bug per se, but it might be worth a mention in the documentation.
> Multiline directive, such as access directive often are, cannot contain
> embedded
> comments as it stop evaluation of the directive at that point. An exemple
> is
> worth a thousand words :
>
> access to attr=userPassword
> by * write
> # by dn=cn=passwordmanager,dc=domain,dc=com write
> by anonymous auth
>
>
> This directive would make authentication impossible, as the ACL evaluation
> seem
> to stop before the "by anonymous auth" line.
>
> I guess it should be fairly obvious for experienced OpenLDAP admin, but I
> wasted
> a fair amount of time recently pulling my hair about why authentication
> broke
> when I configured ACL. I guess a little mention in the "OpenLDAP
> Administrator
> Guide" would be appropriate to steer beginning admin such as me.
>
> Thanks !
>
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497