Re: ACL OK in 2.0/2.1 not OK in 2.2
* email@example.com <firstname.lastname@example.org> [2004-06-23 01:50]:
> I've been able to use the ACLs below for quite some time with no troubles.
> When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
> syntax error on line 13. The error message is "bad DN "()" in to DN
I'm not sure this is related but I have a similar situation where I have
to use certain settings in slapd.conf for an external software:
it worked OK on the OpenLDAP 2.1.30 FreeBSD port (changed to include
--enable-aci since this is used by the external software), but the same
config file fails on a fresh install from stable sources (2.2.13):
slapd.conf: line nnn: bad DN "uid=[^,]+,dc=..." in DN clause
with the offending part being:
    access to dn="uid=[^,]+,"dc=domain,dc=components,dc=org"" attr=c,cn,telephoneNumber,.....
        by aci write break
        by self write
        by users read
        by peername="ip=127\.0\.0\.1" read
        by * none
now, the regex seems to be the offending part but then I don't
understand why the same config works ok on my other install (same OS,
most other things the same as well).
if I only remembered what I did last time to make it work...
and there's the Faq-O-Matic entry regarding pros and cons of aci:
"The disadvantages are:
1. There is no regex matching for subjects or objects."