[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: insert an olcAccess line in cn=config?
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Thursday, September 13, 2012 3:51 AM
To: Aaron Bennett
Cc: openldap-technical@openldap.org
Subject: Re: insert an olcAccess line in cn=config?
>Read draft-chu-ldap-xordered-xx.txt
>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=doc/drafts;h=90f2d012bad6e174acf9fc2301e4efc6c2d448fe;hb=HEAD
Thanks, Howard. That's good stuff.
I decided to take Apache Directory Studio out of the picture...
dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read by users read by self read by * none
What I get when I try to ldapadd it is:
$ ldapadd -v -H ldaps://testanimal.clarku.edu -x -D "cn=config" -W -f ldif.ldif
ldap_initialize( ldaps://testanimal.clarku.edu:636/??base )
add add:
add olcAccess:
{9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read by users read by self read by * none
adding new entry "olcDatabase={1}bdb,cn=config"
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined
I know I'm missing something simple... thanks for your time.
-Aaron