RE: error in slapd.conf

["Hall, Ken (ECSS)" <KeHall@exchange.ml.com>]

This bit me too.  Slapd is very sensitive about the format of access list entries.  It goes by indents.  All rules for a given entry have to be together, and properly indented.  For example, this:

access to attr=givenName,sn,krbName,krb5PrincipalName
        by dn="cn=Manager,dc=xx,dc=com" write
        by self write
        by users read

is different from this:

access to attr=givenName,sn,krbName,krb5PrincipalName
        by dn="cn=Manager,dc=xx,dc=com" write
#        by self write
        by users read

The last line won't be properly recognized because the "comment" line ends the group.

> -----Original Message-----
> From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
> Sent: Friday, December 27, 2002 2:02 PM
> To: Lord Chaser
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: error in slapd.conf
> 
> 
> fre, 2002-12-27 kl. 18:37 skrev Lord Chaser:
> > I am trying to put up a virtual mailserver but it needs 
> openldap. I am
> > am having some problems with slapd.conf:
> >  
> > when I run: /usr/local/libexec/slapd 
> >  
> > I get: /usr/local/etc/openldap/slapd.conf: line 38: 
> expecting <access>
> > got "cn=postmaster,jvd=$1,o=ChaseNET,dc=icarus,dc=dyn,dc=ee"
> 
> Well, I only cast a cursory glance, so whether your regexes 
> will work in
> practice or not I don't know.
> 
> But the thing would seem to be telling you it doesn't like 
> the '\' line
> separator. It expects each qualifying statement on one line. It seems
> quite explicit about that.
> 
> It's also normal to put ACLs above database/index statements, but I
> don't suppose that matters much.
> 
> Best,
> 
> Tony
>  
> -- 
> 
> Tony Earnshaw
> 
> When all's said and done ...
> there's nothing left to say or do.
> 
> e-post:		tonni@billy.demon.nl
> www:		http://www.billy.demon.nl
> 
> 
> 
>