
RE: insert an olcAccess line in cn=config?



-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Thursday, September 13, 2012 3:51 AM
To: Aaron Bennett
Cc: openldap-technical@openldap.org
Subject: Re: insert an olcAccess line in cn=config?

>Read draft-chu-ldap-xordered-xx.txt

>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=doc/drafts;h=90f2d012bad6e174acf9fc2301e4efc6c2d448fe;hb=HEAD

Thanks, Howard.  That's good stuff.

I decided to take Apache Directory Studio out of the picture...

dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read  by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read  by users read  by self read  by * none
                                                                                                                                                 
What I get when I try to ldapadd it is:



$ ldapadd  -v -H ldaps://testanimal.clarku.edu -x -D "cn=config" -W  -f ldif.ldif
ldap_initialize( ldaps://testanimal.clarku.edu:636/??base )
add add:
	
add olcAccess:
	{9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read  by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read  by users read  by self read  by * none 
adding new entry "olcDatabase={1}bdb,cn=config"
ldap_add: Undefined attribute type (17)
	additional info: add: attribute type undefined

I know I'm missing something simple... thanks for your time.

-Aaron
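
Added example, not part of the original message and not OpenLDAP code: a pre-flight check for a cn=config change record that flags the condition visible in the ldapadd output above, where a record without a changetype line has its "add:" line sent as an attribute type. The function names and the two sample records (the post's record with the ACL value shortened, and a form using the standard LDIF "changetype: modify" / "add: olcAccess" lines) are constructed for illustration.

```python
import re

MOD_OPS = {"add", "delete", "replace"}   # LDIF modify-operation keywords
ORDERED = re.compile(r"^\{(\d+)\}")      # X-ORDERED value prefix, e.g. {9}

# Constructed samples: the record from the post with the ACL value shortened.
BROKEN = """dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by users read by self read by * none
"""
FIXED = """dn: olcDatabase={1}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {9}to uid by users read by self read
  by * none
"""

def unfold(ldif):
    """Drop blanks and comments; join LDIF continuation lines (leading space)."""
    lines = []
    for raw in ldif.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]         # folded line: strip exactly one space
        else:
            lines.append(raw)
    return lines

def lint_change_record(ldif):
    """Return (findings, ordered_indexes) for a single LDIF record."""
    pairs = [tuple(p.strip() for p in l.partition(":")[::2]) for l in unfold(ldif)]
    findings, indexes = [], []
    if not pairs or pairs[0][0].lower() != "dn":
        return ["record does not start with dn:"], indexes
    body = pairs[1:]
    if not body or body[0][0].lower() != "changetype":
        # Without changetype the record is an entry add: every line is an attribute.
        findings += [f"no changetype: '{n}:' will be sent as an attribute type"
                     for n, _ in body if n.lower() in MOD_OPS]
    elif body[0][1].lower() == "modify":
        findings += [f"'{n}:' names no attribute"
                     for n, v in body[1:] if n.lower() in MOD_OPS and not v]
    for name, value in body:
        m = ORDERED.match(value)
        if name.lower() == "olcaccess" and m:
            indexes.append(int(m.group(1)))  # position the rule would be inserted at
    return findings, indexes
```

Because slapd stops at the first matching access rule, the reported index is worth reviewing against the existing olcAccess values before the change is applied.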