[Date Prev][Date Next]
(ITS#3390) Comments in mutliline directive in slapd.conf are not allowed
Full_Name: Etienne Goyer
OS: Fedora Core 2
Submission from: (NULL) (220.127.116.11)
Not a bug per se, but it might be worth a mention in the documentation.
Multiline directive, such as access directive often are, cannot contain embedded
comments as it stop evaluation of the directive at that point. An exemple is
worth a thousand words :
access to attr=userPassword
by * write
# by dn=cn=passwordmanager,dc=domain,dc=com write
by anonymous auth
This directive would make authentication impossible, as the ACL evaluation seem
to stop before the "by anonymous auth" line.
I guess it should be fairly obvious for experienced OpenLDAP admin, but I wasted
a fair amount of time recently pulling my hair about why authentication broke
when I configured ACL. I guess a little mention in the "OpenLDAP Administrator
Guide" would be appropriate to steer beginning admin such as me.