RE: Serious problem with access clause (ITS#2557)
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of firstname.lastname@example.org
> Full_Name: Quanah Gibson-Mount
> Version: 2.1.20
> OS: Solaris 8
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.8.131.52)
> I find that I cannot implement the following ACL due to limitations in
> access to dn.children="cn=People,dc=stanford,dc=edu"
> by dn.base="cn=adharv,cn=applications,dc=stanford,dc=edu" read
> by * break
> The error I receive is:
> /usr/local/etc/openldap/slapd.acl: line 62: unknown attr
> "suGwAffilPhon" in to
> Obviously, it is reaching a string limit.
> I can not fix this by making it
> separate lines, as it uses a line break to differentiate
> between the to and by pieces of the ACL.
That's not true; the ACL parser doesn't care about line breaks, it just looks
for the word "to" or "by" wherever it occurs in the input. Break up the input
into multiple lines anywhere you wish, it will work.
You might also be able to shorten the list if any of those attributes are
completely defined by a particular objectclass. Then you could just use
attrs=<objectclass> to control access to all of the attributes in that
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support