I have followed the format in slapd.access. How can this still be a bad dn??

[jay alvarez <ldapb0y@yahoo.com>]

Hi,

My access list is very simple, grant access to
everyone to anywhere by my sasl converted dn.
Here's the config directives:

#sasl-host   gaheris.camlann.pregi.net
sasl-realm CAMLANN.PREGI.NET
sasl-regexp
uid=(.*),cn=camlann.pregi.net,cn=gssapi,cn=auth 
uid=$1,ou=staff,dc=preginet

#<<<  Begin Access Control  >>>
access to * by dn="uid=matato,ou=staff,dc=preginet"
read


When I change this access to * by *, the regexp works
and I can see that
uid=matato,cn=CAMLANN.PREGI.NET,cn=gssapi,cn=auth

is being replaced by:
uid=matato,ou=staff,dc=preginet

How come when I change the access to:
access to * by dn="uid=matato,ou=staff,dc=preginet"
read

It says bad DN:
I've read slapd.access(5) and I've followed this
format
access to *
 by dn[.<dnstyle>[,<modifier>]]=<DN> read


Such that if I were to give a read access to
uid=matato,ou=staff,dc=preginet.. I would say

by dn="uid=matato,ou=staff,dc=preginet" or
by dn.exact="uid=matato,ou=staff,dc=preginet"


But still, I get the same error:
line 10: bad DN "uid=matato,ou=staff,dc=preginet" in
by DN clause


BTW. I've been to the faq and found this but didn't
quite helped me...

"The target (or other) DN of the operation is invalid.
This implies that either the string representation of
the DN is not in the required form, one of the types
in the attribute value assertions is not defined, or
one of the values in the attribute value assertions
does not conform to the appropriate syntax. "


I can't see why the I have supplied dn is being
treated invalid after following the slapd.access
format....


Any idea?
Thanks!


		
____________________________________________________ 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com