
Re: Ang. RE: Bdb defaults - WAS: problem importing entries.

> --On Tuesday, June 15, 2004 4:21 PM +0200 Buchan Milne
> <bgmilne@obsidian.co.za> wrote:
>># Protect passwords, using a regex so we can have generic accounts with
>># write access
>># Openldap will not authenticate against non-userPassword attributes
>># but we would have to duplicate most rules ...
>> access to dn="(.+,)?,ou=.+,(dc=.+,?)+$$"

The above doesn't work, since the default for "dn" in ACL is "exact" (the
pros and cons of relying on defaults...); you had too many commas in your
first part of the ACL, and there's an extra '$' at the end; this,
moreover, will never match anything, because if $1 matches, there will be
two consecutive commas in your pattern; if it doesn't, the DN will start
with a comma, which is illegal. But, since you didn't put any '^' at the
beginning, anything can appear before "ou=", even
"landrou=x,dc=example,dc=com" would match, which I guess is not what you
meant; you should have done

access to dn.regex="^(.+,)?ou=.+,(dc=.+,?)+$"

But google will index your message, and at some point someone will mail
this list asking for help because the advice [s]he googled out of the
internet doesn't work [any more] so an error must have slipped into the
code (as stuff googled out of the internet cannot be wrong, only code can
be); am I too pessimistic? It already happened.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
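
Added example, not part of the original message: a small check of the two regex problems described above (the extra comma and the missing '^') against the corrected dn.regex pattern. Python's re module stands in for slapd's regex matching, which is an assumption; the pattern variant names and all sample DNs except "landrou=x,dc=example,dc=com" are constructed for illustration.

```python
import re

# Constructed variants of the ACL pattern discussed in the message above.
# Assumption: Python's re is used as a stand-in for slapd's regex matching;
# re.search, like an unanchored regex match, may start anywhere in the string.
PATTERNS = {
    # First part as posted (extra comma before "ou="), anchored here with '^'
    # and a single '$' so that only the comma problem is being tested.
    "extra_comma": r"^(.+,)?,ou=.+,(dc=.+,?)+$",
    # Comma removed, but still no '^' at the beginning.
    "unanchored": r"(.+,)?ou=.+,(dc=.+,?)+$",
    # The pattern given in the reply for dn.regex.
    "corrected": r"^(.+,)?ou=.+,(dc=.+,?)+$",
}

# Constructed sample DNs; only the "landrou=..." one appears in the message.
SAMPLE_DNS = [
    "uid=a,ou=people,dc=example,dc=com",   # entry below an ou
    "ou=people,dc=example,dc=com",         # the ou entry itself
    "cn=x,dc=example,dc=com",              # no ou component at all
    "landrou=x,dc=example,dc=com",         # attribute name merely ends in "ou"
    "uid=a,,ou=people,dc=example,dc=com",  # two consecutive commas (not a legal DN)
    ",ou=people,dc=example,dc=com",        # leading comma (not a legal DN)
]


def matches(name, dn):
    """Return True if the named pattern variant matches the DN string."""
    return re.search(PATTERNS[name], dn) is not None


def report(dns=SAMPLE_DNS):
    """Map each DN to the list of pattern variants that match it."""
    return {dn: [n for n in PATTERNS if matches(n, dn)] for dn in dns}


if __name__ == "__main__":
    for dn, hits in report().items():
        print(f"{dn!r:42} -> {', '.join(hits) or 'no match'}")
```

The "extra_comma" variant only accepts the two strings that are not legal DNs, and the "unanchored" variant accepts the "landrou=" entry that the "corrected" pattern rejects.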