[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trouble with ACL

To: Misty Stanley-Jones <misty@borkholder.com>, OpenLDAP-software@OpenLDAP.org
Subject: Re: Trouble with ACL
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 11 Aug 2004 15:12:46 -0700
Content-disposition: inline
In-reply-to: <200408111652.51843.misty@borkholder.com>
References: <380-22004831121241144@simhouston.com> <200408111652.51843.misty@borkholder.com>

--On Wednesday, August 11, 2004 4:52 PM -0500 Misty Stanley-Jones <misty@borkholder.com> wrote:

I'm following Gerald Carter's _Ldap System Administration_ and trying to
learn  about ACLs.  On page 121, he includes the following sample:

access to dn=".*,dc=plainjoe,dc=org" attr=userPassword
	by self write
	by * auth

I'm getting syntax errors for that.  As best as I can tell, I have typed
it in  correctly (except for changing the dc components as appropriate),
but slapd  fails to start with this in the .conf file.  The error is:
/etc/openldap/slapd.conf: line 99: bad DN ".*,dc=mydomain,dc=com" in to
DN  clause

I am probably missing something stupid, but I don't know what.  I do have
several DNs in my LDAP tree already and I am able to bind to the tree and
search and add entries like crazy.

That looks like a 2.1 ACL to me. You may want to read slapd.access for OpenLDAP 2.2, which I assume you are using.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- another referral question
  - From: "joemoyle" <joemoyle@simhouston.com>
- Trouble with ACL
  - From: Misty Stanley-Jones <misty@borkholder.com>

Prev by Date: Re: SSL subjectAltName woes
Next by Date: RE: SSL subjectAltName woes
Index(es):
- Chronological
- Thread