Re: Problems with slapcat/slapadd in upgrade from 2.2.23 to 2.3.11

[Pierangelo Masarati <ando@sys-net.it>]

On Thu, 2005-10-20 at 13:29 -0700, Charles Stephens wrote:
> Is there a reference on ACI syntax?  What is wrong with this specific  
> entry?

There is no formal specification (yet); values that used to be legal are
still legal, and few extensions have been added in HEAD.  Of course,
ACIs need to be explicitly enabled by using --enable-aci at configure.

I don't see anything strange at a first glance.  Maybe enabling enough
debugging when slapadd'ing that specific value may enlight a bit.

If your intention is to use a custom group objectClass "dnGroup", I
think the trailing "/dnGroup" should be put after "group" instead, i.e.

OpenLDAPaci: 1#entry#grant;w;
[all]#group/dnGroup#cn=sysops,ou=application,ou=groups,dc=cowlabs,dc=com

and of course you need to make sure that the objectClass "dnGroup" is
defined.

p.



    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497