[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Serious problem with access clause (ITS#2557)
--On Thursday, May 29, 2003 10:57 PM -0700 Howard Chu <hyc@symas.com> wrote:
>
> That's not true; the ACL parser doesn't care about line breaks, it just
> looks for the word "to" or "by" wherever it occurs in the input. Break up
> the input into multiple lines anywhere you wish, it will work.
I tried this, seperating after the comma on the end of a line and it just
plain does not work.
I get the following errors in my log file:
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 63: unknown directive
"suPrivilegeGroup,suDisplayNameLF,displayName,suPrimaryOrganizat
ionID,ou,uid,suRegID,suVisibEmail," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 64: unknown directive
"suVisibHomeAddress,suVisibHomePage,suVisibHomePhone,suVisibIden
tity,suVisibLocalAddress," outside backend info and database definitions
(ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 65: unknown directive
"suVisibLocalPhone,suVisibMailAddress,suVisibMobilePhone,suVisib
PagerEmail,suVisibPagerPhone," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 66: unknown directive
"suVisibPermanentAddress,suVisibPermanentPhone,suVisibProfile,su
VisibSunetID,suVisibAffiliation1," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 67: unknown directive
"suVisibAffiliation2,suVisibAffiliation3,suVisibAffiliation4,suV
isibAffiliation5," outside backend info and database definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 68: unknown directive
"suVisibAffilAddress1,suVisibAffilAddress2,suVisibAffilAddress3,
suVisibAffilAddress4," outside backend info and database definitions
(ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 69: unknown directive
"suVisibAffilAddress5,suVisibAffilPhone1,suVisibAffilPhone2,suVi
sibAffilPhone3,suVisibAffilPhone4," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 70: unknown directive
"suVisibAffilPhone5,suGwAffiliation1,suGwAffiliation2,suGwAffili
ation3,suGwAffiliation4," outside backend info and database definitions
(ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 71: unknown directive
"suGwAffiliation5,suGwAffilAddress1,suGwAffilAddress2,suGwAffilA
ddress3,suGwAffilAddress4," outside backend info and database definitions
(ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 72: unknown directive
"suGwAffilAddress5,suGwAffilMailCode1,suGwAffilMailCode2,suGwAff
ilMailCode3,suGwAffilMailCode4," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 73: unknown directive
"suGwAffilMailCode5,suGwAffilPhone1,suGwAffilPhone2,suGwAffilPho
ne3,suGwAffilPhone4,suGwAffilPhone5," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 74: unknown directive
"suLocalAddress,suPermanentAddress,suMailAdress,street,homePosta
lAddress,postalAddress,suLocalPhone," outside backend info and database
definitions (ignored)
May 29 23:50:13 ldap6.Stanford.EDU slapd[20556]: [ID 225144 local4.debug]
/usr/local/etc/openldap/sl
apd.acl: line 77: unknown directive
"suPermanentPhone,suResidentPhone,facsimileTelephoneNumber,homeP
hone,telephoneNumber,mobile" outside backend info and database definitions
(ignored)
> You might also be able to shorten the list if any of those attributes are
> completely defined by a particular objectclass. Then you could just use
> attrs=<objectclass> to control access to all of the attributes in that
> <objectclass>.
I thought of that, unfortunately, the objectclasses those attributes are in
contain many more attributes than that that we don't want adharv to have
access to.
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html