
Re: help about aci



Hi!

Thanks for your answer. It is almost working. :(

ldapmodify -D 'cn=manager,o=sonera,c=fi' -w secret
dn: cn=+358408308432,ou=pcm,o=sonera,c=fi
add: OpenLDAPaci
OpenLDAPaci:
1.2.3.4#entry#grant;r,w;[all]#access-id#cn=phoenix,ou=admin,o=sonera,c=fi

modifying entry "cn=+358408308432,ou=pcm,o=sonera,c=fi"
ldap_modify: Inappropriate matching
	additional info: modify: add values failed

ldif_record() = 18

What can cause that problem?

regards: Szelei Gabor

kurash@sassafras.com wrote:
> 
> The aci syntax OpenLDAP currently uses is not like that described in
> the latest IETF draft, although it started out that way.  Here is a
> basic example of what is currently implemented:
> 
> 1.2.3.4#entry#grant;r,w;theAttr#access-id#cn=phoenix,ou=admin,o=sonera,c=fi
> 
> Check out servers/slapd/acl.c (search for "oid#") for a more generic
> template.  The attribute type that has been defined for this is
> OpenLDAPaci, so your ldif file should have:
> 
>      dn: cn=+358408308432,ou=pcm,o=sonera,c=fi
>      add: OpenLDAPaci
>      OpenLDAPaci: 1.2.3.4#entry#...
> 
> Hope that helps,
> 
> Mark.
> 
> >I would like to use the aci access control method. I know it is experimental
> >and undocumented yet.
> >I use OpenLDAP 2.0.6 with the aci feature enabled. Which type of attribute
> >should I use? What IETF draft should I follow for the proper syntax?
> >
> >from slapd -d 65535:
> >line 79 (access to *  by self write by aci=OpenLDAPaci write by
> >dn.exact="cn=admin,ou=admin,o=sonera,c=fi" write by * read)
> >Backend ACL: access to *
> >          by self write (=wrscx)
> >          by aci=OpenLDAPaci write (=wrscx)
> >          by dn.base=CN=ADMIN,OU=ADMIN,O=SONERA,C=FI write (=wrscx)
> >          by * read (=rscx)
> >
> >OpenLDAPaci is defined in core.schema
> >
> >I tried to use it this way (ldif):
> >
> >dn: cn=+358408308432,ou=pcm,o=sonera,c=fi
> >add: OpenLDAPaci
> >aci:
> >1.2.3.4#enrty#grant:#rw#[all]#access-id#cn=phoenix,ou=admin,o=sonera,c=fi
> >
> >ldap_add: Undefined attribute type
> >          additional info: attribute type undefined
> >
> >Do you know the solution of this problem?
> >
> >regards: Szelei Gabor
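
Added example, not part of the original messages and not OpenLDAP code: a structural check for OpenLDAPaci values, run against the two values tried in this thread. It assumes the layout `oid#scope#action;perms;attrs#type#subject` inferred from Mark's example; the name `check_aci`, the grant/deny actions and the entry-only scope are assumptions.

```python
import re

PERM_LETTERS = set("rscwx")   # the letters slapd prints in its ACL dump (=wrscx)
ACTIONS = {"grant", "deny"}   # assumption: the actions accepted in the rights field

# The two values tried in this thread, copied as posted.
FIRST_TRY = "1.2.3.4#enrty#grant:#rw#[all]#access-id#cn=phoenix,ou=admin,o=sonera,c=fi"
SECOND_TRY = "1.2.3.4#entry#grant;r,w;[all]#access-id#cn=phoenix,ou=admin,o=sonera,c=fi"

def check_aci(value):
    """Return a list of layout problems in an OpenLDAPaci value ([] = well-formed)."""
    problems = []
    fields = value.split("#")  # assumption: the subject DN contains no '#'
    if len(fields) != 5:
        problems.append(f"expected 5 '#'-separated fields, found {len(fields)}")
    if fields and not re.fullmatch(r"\d+(\.\d+)*", fields[0]):
        problems.append(f"oid {fields[0]!r} is not dotted-decimal")
    if len(fields) > 1 and fields[1] != "entry":  # assumption: only 'entry' scope
        problems.append(f"scope {fields[1]!r} is not 'entry'")
    if len(fields) != 5:
        return problems  # remaining fields cannot be located reliably
    rights, subj_type, subject = fields[2:]
    for group in rights.split("$"):  # '$' separates action groups
        action, *pairs = group.split(";")
        if action not in ACTIONS:
            problems.append(f"action {action!r} is not grant or deny")
        if not pairs or len(pairs) % 2:
            problems.append(f"rights {group!r} lacks perms;attrs pairs")
            continue
        for perms, attrs in zip(pairs[0::2], pairs[1::2]):
            bad = [p for p in perms.split(",") if p not in PERM_LETTERS]
            if bad:
                problems.append(f"unknown permission(s) {bad}")
            if not attrs:
                problems.append("empty attribute list")
    if not subj_type:
        problems.append("empty subject type")
    if not subject:
        problems.append("empty subject")
    return problems

if __name__ == "__main__":
    for label, aci in (("first try", FIRST_TRY), ("second try", SECOND_TRY)):
        print(label, "->", check_aci(aci) or "layout ok")
```

A value that passes only matches the assumed field layout; slapd can still reject it for reasons outside the value's format.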