
Re: ACL OK in 2.0/2.1 not OK in 2.2





--On Tuesday, June 22, 2004 4:33 PM -0700 lugzug@lenin.net wrote:


I have a little test server using OpenLDAP as a NIS replacement.

I've been able to use the ACLs below for quite some time with no troubles.
When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
syntax error on line 13.  The error message is "bad DN "()" in to DN
clause".

I've tried changing the ACL line to "access to dn.base="" by * read". That
parses OK, but my clients are broken.

On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
and /etc/group equiv).

 1 access to attr=userPassword
 2         by self write
 3         by anonymous auth
 4
 5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
 6         by self write
 7         by users read
 8
 9 access to dn="uid=.*,dc=com" attr=mail
10         by users read
11         by * none
12
13 access to dn=() by * read
14
15 access to *
16         by users read
17         by anonymous none

All help, comments, suggestions, greatly appreciated.

1) Upgrade to OpenLDAP 2.2.13

2) read the manpage on slapd.access

specifically look at:

        <dnstyle>={{exact|base}|regex|sub(tree)|one(level)|children}

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
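
A pre-upgrade check built around the `<dnstyle>` syntax quoted in the reply, added here as an example and not part of the original thread: it flags `dn=` clauses in `access to` lines that contain regex metacharacters but no explicit style qualifier, or that use a qualifier outside the quoted list. The name `lint_acl` and the metacharacter heuristic are assumptions; the sample input is the ACL from the question with its line numbers stripped.

```python
import re

# Qualifiers from the <dnstyle> line quoted in the reply.
STYLES = {"exact", "base", "regex", "sub", "subtree", "one", "onelevel", "children"}
DN = re.compile(r'\bdn(?:\.(\w+))?=("[^"]*"|\S+)')
META = re.compile(r'[*()\[\]|^$]')  # assumption: these characters signal regex intent

def lint_acl(text):
    """Return (line, issue, clause) for suspicious dn= clauses in 'access to' lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r'\s*access\s+to\s+(.*)', line)
        if not m:
            continue
        what = re.split(r'\sby\s', m.group(1), maxsplit=1)[0]  # drop an inline "by" part
        for c in DN.finditer(what):
            style, pattern = c.groups()
            if style is None and META.search(pattern):
                findings.append((n, "unqualified-regex", c.group(0)))
            elif style is not None and style not in STYLES:
                findings.append((n, "unknown-style", c.group(0)))
    return findings

# Constructed input: the ACL from the question, same line order, numbers removed.
SAMPLE = """\
access to attr=userPassword
        by self write
        by anonymous auth

access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
        by self write
        by users read

access to dn="uid=.*,dc=com" attr=mail
        by users read
        by * none

access to dn=() by * read

access to *
        by users read
        by anonymous none
"""

if __name__ == "__main__":
    for finding in lint_acl(SAMPLE):
        print(finding)
```

Each flagged clause is one to review against slapd.access(5) and rewrite with an explicit style, such as `dn.regex=` for a pattern or `dn.base=` for a single entry.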