Upgrading ACLs
I am upgrading from openldap-2.1.22 to openldap-2.2.23, and I am having some
difficulty getting the ACLs to a state that the new version is happy with.
Can anyone describe (or point me to a document that describes) the ACL syntax
differences between these versions? My searches have so far produced
only fragmentary results.

What I've learned so far: I found I needed to change "access to dn=" to
"access to dn.regex=" when the dn contained any regular expression syntax.
After making this change, slapd starts without complaint, but it appears that
my "by group=" access rules are not being used, if I am interpreting the
slapd logging output correctly.

I also changed "attr=" to "attrs=" for each ACL.

Other possibly relevant information: Some of the group identifiers contain
references to a match group in dn.regex, such as:

    access to dn.regex="dc=([^,]+),o=([^,]+)"
        by group="cn=admin,ou=sys,o=$2"

As you can probably tell, I'm groping in the dark a bit. Any direction is
appreciated.

Thank you,
Jeffrey
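
The syntax changes described in the message above can be checked mechanically. The following is an added example, not part of the original post and not OpenLDAP code: a small checker for slapd.conf access directives. It assumes that regex metacharacters in a plain dn= value mean a regex was intended, and that the expand style qualifier for group, as documented in slapd.access(5), is what enables $N substitution; confirm the latter against the man page of the installed version.

```python
import re
# Constructed sample: one rule in the old style, then a converted rule.
SAMPLE = '''\
access to dn="dc=([^,]+),o=([^,]+)" attr=userPassword
    by group="cn=admin,ou=sys,o=$2" write
    by * none
access to dn.regex="dc=([^,]+),o=([^,]+)" attrs=userPassword
    by group.expand="cn=admin,ou=sys,o=$2" write
'''

# Assumption of this example: these characters mark a DN value as a regex.
REGEX_META = re.compile(r"[()\[\]*+?^$|\\]")
DN_CLAUSE = re.compile(r'\bdn(\.[a-z]+)?=("[^"]*"|\S+)')
GROUP_CLAUSE = re.compile(r'\bby\s+group([^=\s]*)=("[^"]*"|\S+)')
ATTR_CLAUSE = re.compile(r"\battr=")


def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace) to their directive."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((lineno, raw.strip()))
    return out


def check_acls(text):
    """Return (directive line number, finding) pairs for access directives."""
    findings = []
    for lineno, line in logical_lines(text):
        if not line.startswith("access "):
            continue
        for m in DN_CLAUSE.finditer(line):
            # No style qualifier, but the value looks like a regex.
            if m.group(1) is None and REGEX_META.search(m.group(2)):
                findings.append((lineno, "dn= holds a regex: use dn.regex="))
        if ATTR_CLAUSE.search(line):
            findings.append((lineno, "attr= is now attrs="))
        for m in GROUP_CLAUSE.finditer(line):
            # A submatch reference in a group DN with no expand style.
            if "$" in m.group(2) and ".expand" not in m.group(1):
                findings.append((lineno, "group DN uses $N: check group.expand="))
    return findings

if __name__ == "__main__":
    print(*check_acls(SAMPLE), sep="\n")
```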