
Re: Help with ACL
Don't put them on two different lines.  It needs to be one line as I recall.

paul wilson

> I am trying to set up an ACL. I had already picked up the book by
> O'Reilly that everyone says sucks, trying to follow the example they
> have in it, but I get the following error:
>
> /usr/local/etc/openldap/slapd.conf: line 39: expecting <access> got
> "cn=rootmn,o=mydomain,c=US"
>
> <access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
> <what> ::= * | [dn[.<dnstyle>]=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]
> <attrlist> ::= <attr> | <attr> , <attrlist>
> <attr> ::= <attrname> | entry | children
> <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<regex> ]
>         [dnattr=<attrname>]
>         [group[/<objectclass>[/<attrname>]][.<style>]=<regex>]
>         [peername[.<style>]=<regex>] [sockname[.<style>]=<regex>]
>         [domain[.<style>]=<regex>] [sockurl[.<style>]=<regex>]
>         [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
> <dnstyle> ::= regex | base | exact (alias of base) | one | sub | children
> <style> ::= regex | base | exact (alias of base)
> <groupflags> ::= R
> <access> ::= [self]{<level>|<priv>}
> <level> ::= none | auth | compare | search | read | write
> <priv> ::= {=|+|-}{w|r|s|c|x}+
> <control> ::= [ stop | continue | break ]
>
> I am trying to set an access list that only allows rootmn access to read
> or write to ldap. Here is what I have in my slapd.conf.
>
> access to *
>         by cn=rootmn,o=mydomain,c=US write
>
> Since this kicks out the error above, I know it is wrong. Can someone
> tell me my mistake? I am new to ldap and I picked up the O'Reilly
> hoping for more in-depth information on ldap. Can someone point me to
> some good resources for ldap that explain it starting at a beginner's
> level?
>
> Russell Premont
>
> Quote me as saying I was mis-quoted.
> -Groucho Marx
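An access directive written against the <who> grammar quoted above, added here as an illustration and not taken from either message in the thread; the DN is the one from the question, and the explicit `by * none` rule is an assumption for the example, not something the original slapd.conf contained:

```conf
# slapd.conf access directive following the quoted grammar:
#   <who> ::= ... dn[.<dnstyle>]=<regex> ...
# A bare DN such as cn=rootmn,o=mydomain,c=US is not a valid <who>; it has to be
# introduced with dn= (here with the "exact" <dnstyle> so only that entry matches).
# Keeping the whole clause on one line avoids any doubt about continuation;
# slapd.conf also accepts continuation lines that begin with whitespace.
access to * by dn.exact="cn=rootmn,o=mydomain,c=US" write by * none

# The trailing "by * none" is the implicit default when no earlier <who> matches;
# stating it makes the intended deny for everyone else (including anonymous) visible.
```

Note that the rootdn configured in slapd.conf bypasses access directives entirely, so if cn=rootmn is the rootdn this clause does not restrict it at all; it only governs what other binds can do.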