
RE: Serious problem with access clause (ITS#2557)




--On Thursday, May 29, 2003 10:57 PM -0700 Howard Chu <hyc@symas.com> wrote:
>
> That's not true; the ACL parser doesn't care about line breaks, it just
> looks for the word "to" or "by" wherever it occurs in the input. Break up
> the input into multiple lines anywhere you wish, it will work.

I tried this, separating after the comma on the end of a line and it just 
plain does not work.

I get the following errors in my log file:

May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 63: unknown directive "suPrivilegeGroup,suDisplayNameLF,displayName,suPrimaryOrganizationID,ou,uid,suRegID,suVisibEmail," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 64: unknown directive "suVisibHomeAddress,suVisibHomePage,suVisibHomePhone,suVisibIdentity,suVisibLocalAddress," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 65: unknown directive "suVisibLocalPhone,suVisibMailAddress,suVisibMobilePhone,suVisibPagerEmail,suVisibPagerPhone," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 66: unknown directive "suVisibPermanentAddress,suVisibPermanentPhone,suVisibProfile,suVisibSunetID,suVisibAffiliation1," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 67: unknown directive "suVisibAffiliation2,suVisibAffiliation3,suVisibAffiliation4,suVisibAffiliation5," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 68: unknown directive "suVisibAffilAddress1,suVisibAffilAddress2,suVisibAffilAddress3,suVisibAffilAddress4," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 69: unknown directive "suVisibAffilAddress5,suVisibAffilPhone1,suVisibAffilPhone2,suVisibAffilPhone3,suVisibAffilPhone4," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 70: unknown directive "suVisibAffilPhone5,suGwAffiliation1,suGwAffiliation2,suGwAffiliation3,suGwAffiliation4," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 71: unknown directive "suGwAffiliation5,suGwAffilAddress1,suGwAffilAddress2,suGwAffilAddress3,suGwAffilAddress4," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 72: unknown directive "suGwAffilAddress5,suGwAffilMailCode1,suGwAffilMailCode2,suGwAffilMailCode3,suGwAffilMailCode4," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 73: unknown directive "suGwAffilMailCode5,suGwAffilPhone1,suGwAffilPhone2,suGwAffilPhone3,suGwAffilPhone4,suGwAffilPhone5," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 74: unknown directive "suLocalAddress,suPermanentAddress,suMailAdress,street,homePostalAddress,postalAddress,suLocalPhone," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug] /usr/local/etc/openldap/slapd.acl: line 77: unknown directive "suPermanentPhone,suResidentPhone,facsimileTelephoneNumber,homePhone,telephoneNumber,mobile" outside backend info and database definitions (ignored)



> You might also be able to shorten the list if any of those attributes are
> completely defined by a particular objectclass. Then you could just use
> attrs=<objectclass> to control access to all of the attributes in that
> <objectclass>.

I thought of that, unfortunately, the objectclasses those attributes are in 
contain many more attributes than that that we don't want adharv to have 
access to.



--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
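
Added example (not part of the original message, and not OpenLDAP code): a Python check that reads syslog output in the form quoted above, rejoins hard-wrapped records, and reports which lines of the ACL file slapd said it ignored, since ignored lines are not part of the access policy slapd loaded. The host name, attribute names and sample log are constructed, and the attribute-list pattern is a heuristic assumption.

```python
import re

# Start of a slapd syslog record, e.g. "May 29 23:50:13 host slapd[20556]:"
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[\d+\]:")
# Message text as it appears in the log; \s* tolerates a wrap that lost its space.
IGNORED = re.compile(
    r'(?P<file>/\S+): line (?P<line>\d+): unknown directive\s*"(?P<text>[^"]*)"\s*'
    r"outside backend info and database\s*definitions\s*\(ignored\)")
# Heuristic (assumption): bare comma-separated names, i.e. a piece of an attribute list.
ATTR_FRAGMENT = re.compile(r"^[A-Za-z][\w;-]*(,[A-Za-z][\w;-]*)*,?$")

def unwrap(text):
    """Rejoin records that a terminal or mail client hard-wrapped, even mid-word."""
    records = []
    for raw in text.splitlines():
        if RECORD_START.match(raw):
            records.append(raw)
        elif records and raw.strip():
            records[-1] += raw
    return records

def ignored_directives(text):
    """Return (file, line_no, ignored_text, looks_like_attr_list) per ignored line."""
    out = []
    for m in filter(None, map(IGNORED.search, unwrap(text))):
        frag = m["text"]
        out.append((m["file"], int(m["line"]), frag,
                    "," in frag and bool(ATTR_FRAGMENT.match(frag))))
    return out

def line_runs(findings):
    """Collapse findings into contiguous (file, first_line, last_line) runs."""
    runs = []
    for path, n in sorted({(f, n) for f, n, _, _ in findings}):
        if runs and runs[-1][0] == path and runs[-1][2] == n - 1:
            runs[-1][2] = n
        else:
            runs.append([path, n, n])
    return [tuple(r) for r in runs]

# Constructed sample (host and attribute names invented); first record wrapped as in the mail.
PFX = "May 29 23:50:13 ldap.example.edu slapd[20556]: [ID 225144 local4.debug] "
END = " outside backend info and database definitions (ignored)\n"
SAMPLE = (
    PFX + "\n/usr/local/etc/openldap/sl\napd.acl: line 63: unknown directive \n"
    '"exAttrOne,exAttrTwo,exAttr\nThree," outside backend info and database \ndefinitions (ignored)\n'
    + PFX + '/usr/local/etc/openldap/slapd.acl: line 64: unknown directive "exAttrFour,"' + END
    + PFX + '/usr/local/etc/openldap/slapd.acl: line 66: unknown directive "bogus"' + END)
```

Calling line_runs(ignored_directives(log_text)) on a real log gives the blocks of the ACL file to review; entries flagged as attribute-list fragments point at an access clause that was split across lines.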