
Help with ACL



I am trying to set up an ACL. I had already picked up the book by O'Reilly
that everyone says sucks, trying to follow the example they have in it,
but I get the following error:

/usr/local/etc/openldap/slapd.conf: line 39: expecting <access> got
"cn=rootmn,o=mydomain,c=US"

<access clause> ::= access to <what> [ by <who> <access> [ <control> ] ]+
<what> ::= * | [dn[.<dnstyle>]=<regex>] [filter=<ldapfilter>]
[attrs=<attrlist>]
<attrlist> ::= <attr> | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<regex> ]
        [dnattr=<attrname>]
        [group[/<objectclass>[/<attrname>]][.<style>]=<regex>]
        [peername[.<style>]=<regex>] [sockname[.<style>]=<regex>]
        [domain[.<style>]=<regex>] [sockurl[.<style>]=<regex>]
        [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<dnstyle> ::= regex | base | exact (alias of base) | one | sub | children
<style> ::= regex | base | exact (alias of base)
<groupflags> ::= R
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x}+
<control> ::= [ stop | continue | break ]

I am trying to set an access list that only allows rootmn access to read or
write to ldap. Here is what I have in my slapd.conf.

access to *
        by cn=rootmn,o=mydomain,c=US write

Since this kicks out the error above, I know it is wrong. Can someone tell
me my mistake? I am new to ldap and I picked up the O'Reilly hoping for
more in-depth information on ldap. Can someone point me to some good
resources for ldap that explain it starting at a beginner's level?

Russell Premont

Quote me as saying I was mis-quoted.
-Groucho Marx
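A corrected version of the ACL above, added here as an example and not part of the original post: per the <who> grammar in the error, the DN must be introduced with the dn qualifier (dn.exact= here), otherwise slapd parses "cn=rootmn,..." where it expects an <access> level. It assumes o=mydomain,c=US is the database suffix and that cn=rootmn is an ordinary entry; if cn=rootmn is the rootdn set in slapd.conf it bypasses ACLs entirely and needs no rule at all.

```conf
# Added example, not from the original post.
# Assumes suffix o=mydomain,c=US and the entry cn=rootmn,o=mydomain,c=US.

# userPassword first: anonymous clients may only use it to bind (auth),
# so rootmn can log in; nobody else can read or write it.
access to attrs=userPassword
        by dn.exact="cn=rootmn,o=mydomain,c=US" write
        by anonymous auth
        by * none

# Everything else: rootmn gets read and write (write implies read),
# everyone else gets nothing. "by * none" is the implicit default,
# written out here so the intent is visible.
access to *
        by dn.exact="cn=rootmn,o=mydomain,c=US" write
        by * none
```

After editing, run slapd with the -t option (slapd -t -f /usr/local/etc/openldap/slapd.conf) to check the configuration parses before restarting the server.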