Help with ACL
I am trying to set up an ACL. I had already picked up the book by O'Reilly
that everyone says sucks, trying to follow the example that they have in it,
but I get the following error:
/usr/local/etc/openldap/slapd.conf: line 39: expecting <access> got "cn=rootmn,o=mydomain,c=US"
<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]
<attrlist> ::= <attr> | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<regex> ]
        [dnattr=<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=<regex>]
        [peername[.<style>]=<regex>] [sockname[.<style>]=<regex>]
        [domain[.<style>]=<regex>] [sockurl[.<style>]=<regex>]
        [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<dnstyle> ::= regex | base | exact (alias of base) | one | sub | children
<style> ::= regex | base | exact (alias of base)
<groupflags> ::= R
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x}+
<control> ::= [ stop | continue | break ]
I am trying to set an access list that only allows rootmn access to read or
write to LDAP. Here is what I have in my slapd.conf:
access to *
by cn=rootmn,o=mydomain,c=US write
Since this kicks out the error above, I know it is wrong. Can someone tell
me my mistake? I am new to LDAP, and I picked up the O'Reilly hoping for
more in-depth information on LDAP. Can someone point me to some good
resources for LDAP that explain it starting at a beginner's level?
Russell Premont
Quote me as saying I was mis-quoted.
-Groucho Marx
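
Added example, not part of the original message: a small Python checker for the "by" clauses of an access directive, written from the grammar slapd printed with the error above. It flags the bare DN in the posted rule and accepts the same rule written with the dn= field; the function names and the BROKEN/FIXED strings are constructed here, and <what> is not validated.

```python
import re
import shlex

# <who>, <access> and <control> tokens, transcribed from the grammar that
# slapd printed with the error. <what> is not validated here.
WHO_KEYWORDS = {"*", "anonymous", "users", "self"}
STYLE = r"(\.(regex|base|exact))?"
WHO_FIELD = re.compile(
    r"(dn(\.(regex|base|exact|one|sub|children))?|dnattr"
    r"|group(/[^/.=]+(/[^/.=]+)?)?" + STYLE +
    r"|(peername|sockname|domain|sockurl)" + STYLE +
    r"|(ssf|transport_ssf|tls_ssf|sasl_ssf))=.+", re.S)
ACCESS = re.compile(r"(self)?(none|auth|compare|search|read|write|[=+-][wrscx]+)")
CONTROL = {"stop", "continue", "break"}

def is_who(token):
    return token in WHO_KEYWORDS or WHO_FIELD.fullmatch(token) is not None

def check_by(clause):
    n = 0
    while n < len(clause) and is_who(clause[n]):
        n += 1  # a clause may carry several <who> fields
    rest = clause[n:]
    if n == 0:
        return [f"not a valid <who>: {clause[0]!r}" if clause else "empty by clause"]
    if not rest or not ACCESS.fullmatch(rest[0]):
        return [f"expecting <access>, got {rest[0]!r}" if rest else "missing <access>"]
    if len(rest) > 2 or (len(rest) == 2 and rest[1] not in CONTROL):
        return [f"unexpected token after <access>: {rest[1]!r}"]
    return []

# Returns a list of problems found in one 'access to ...' directive.
def check_access(directive):
    tok = shlex.split(directive)  # also strips the quotes around a DN
    if tok[:2] != ["access", "to"] or "by" not in tok:
        return ["expected: access to <what> by <who> <access>"]
    problems, i = [], tok.index("by")
    while i < len(tok):
        i += 1  # step over 'by'
        clause = []
        while i < len(tok) and tok[i] != "by":
            clause.append(tok[i])
            i += 1
        problems += check_by(clause)
    return problems

# The directive from the post, and the same rule with the dn= field (constructed).
BROKEN = "access to *\n    by cn=rootmn,o=mydomain,c=US write"
FIXED = 'access to *\n    by dn="cn=rootmn,o=mydomain,c=US" write'
```

slapd ends every access directive with an implicit "by * none", so the single dn= clause in FIXED already denies every other identity.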