Re: ACL OK in 2.0/2.1 not OK in 2.2
--On Tuesday, June 22, 2004 4:33 PM -0700 firstname.lastname@example.org wrote:
I have a little test server using OpenLDAP as a NIS replacement.
I've been able to use the ACLs below for quite some time with no troubles.
When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
syntax error on line 13. The error message is "bad DN "()" in to DN
I've tried changing the ACL line to "access to dn.base="" by * read". That
parses OK, but my clients are broken.
On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
and /etc/group equiv).
 1 access to attr=userPassword
 2     by self write
 3     by anonymous auth

 5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
 6     by self write
 7     by users read

 9 access to dn="uid=.*,dc=com" attr=mail
10     by users read
11     by * none

13 access to dn=() by * read

15 access to *
16     by users read
17     by anonymous none
All help, comments, suggestions, greatly appreciated.
1) Upgrade to OpenLDAP 2.2.13
2) read the manpage on slapd.access
specifically look at:
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
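
Added example, not part of the original thread or of OpenLDAP: a simplified Python model of slapd's first-match ACL evaluation applied to the ACL set quoted above. It shows why an anonymous "ldapsearch -x" sees entries while the catch-all at line 13 matches every DN, and sees nothing once that line is dn.base="", which matches only the empty DN. The entry DN, the function names and the reduction of dn=() to an unanchored regex are assumptions made for illustration.

```python
import re

# Assumed model: the first "access to" clause whose <what> matches is used,
# then the first matching "by" decides; no matching "by" means "none".

def what_matches(what, dn, attr):
    style, pattern, attrs = what
    if attrs and attr not in attrs:
        return False
    if style == "any":                        # access to *
        return True
    if style == "base":                       # exact DN match only
        return dn.lower() == pattern.lower()
    return re.search(pattern, dn, re.I) is not None   # regex style

def who_matches(who, dn, bound_as):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_as is None
    if who == "users":
        return bound_as is not None
    if who == "self":
        return bound_as is not None and bound_as.lower() == dn.lower()
    return False

def access(acl, dn, attr, bound_as=None):
    for what, by_list in acl:
        if what_matches(what, dn, attr):
            for who, level in by_list:
                if who_matches(who, dn, bound_as):
                    return level
            return "none"                     # implicit "by * none"
    return "none"

def build_acl(catch_all):
    # The poster's five clauses; only the line-13 clause varies.
    return [
        (("any", None, ["userPassword"]), [("self", "write"), ("anonymous", "auth")]),
        (("regex", r"uid=(.*),ou=.*,dc=com", ["sn", "givenName", "homePhone"]),
         [("self", "write"), ("users", "read")]),
        (("regex", r"uid=.*,dc=com", ["mail"]), [("users", "read"), ("*", "none")]),
        (catch_all, [("*", "read")]),
        (("any", None, None), [("users", "read"), ("anonymous", "none")]),
    ]

OLD = build_acl(("regex", "()", None))   # 2.0/2.1 behaviour: matches every DN
NEW = build_acl(("base", "", None))      # dn.base="": matches the empty DN only
ENTRY = "uid=jdoe,ou=People,dc=example,dc=com"   # constructed sample entry
```

In this model the old catch-all hands read access on most attributes to unauthenticated clients, so restoring the earlier client behaviour means choosing between anonymous read and having clients bind as a user.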