[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL OK in 2.0/2.1 not OK in 2.2


* lugzug@lenin.net <lugzug@lenin.net> [2004-06-23 01:50]:
> I've been able to use the ACLs below for quite some time with no troubles.
> When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
> syntax error on line 13.  The error message is "bad DN "()" in to DN
> clause".

I'm not sure this is related but I have a similar situation where I have
to use certain settings in slapd.conf for an external software:
it worked OK on the OpenLDAP 2.1.30 FreeBSD port (changed to include
--enable-aci since this is used by the external softare), but the same
config file fails on a fresh install from stable sources (2.2.13):
slapd.conf: line nnn: bad DN "uid=[^,]+,dc=..." in DN clause

with the offending part being:

access to dn="uid=[^,]+,"dc=domain,dc=components,dc=org"" attr=c,cn,telephoneNumber,.....
  by aci write break
  by self write
  by users read
  by peername="ip=127\.0\.0\.1" read
  by * none

now, the regex seems to be the offending part [1] but then I don't
understand why the same config works ok on my other install (same OS,
most other things the same as well).
if I only remembered what I did last time to make it work...


[1] and there's the Faq-O-Matic entry regarind pros and cons of aci:
    "The disadvantages are:
      1. There is no regex matching for subjects or objects."