[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACL 'domain='

[I'm just posting this for the archives, sorry for the overhead]

Quoting Turbo Fredriksson <turbo@bayour.com>:

> I'm setting up a 2.1.21 server at home, so I can test
> the new server types...
> The idea is/was to use ACI's in the database, so I don't
> have to maintain a complicated ACL. The ACL I'm trying to
> use is:
> ----- s n i p -----
> # We need to do SASL auth, so the Root DSE must be readable to anyone
> access to dn="" attr=supportedSASLMechanisms,objectClass,entry
>         by domain=.*\.bayour\.com read
>         by domain=localhost read
> ----- s n i p -----

To make this work in a 2.1 server, the config option 'reverse-lookup on'
needs to be used. This is in the manual for slapd.conf, but I'm one of
those that don't read manuals :).

Oh, and slapd must be configured at compile time with '--enable-rlookups'
(which I did, I thought it would be turned on automaticly, which it didn't).

> Starting slapd as 'slapd -h ldap://' (or ldap://,
> the supportedSASLMechanisms is shown, but NOT if I'm leaving the '-h'
> option out... Why?

This must have been a fluke. It didn't work the day after, and it
took me a couple of days to find the manual :).