[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL OK in 2.0/2.1 not OK in 2.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter Schober wrote:
| hi,
|
| * lugzug@lenin.net <lugzug@lenin.net> [2004-06-23 01:50]:
|
|>I've been able to use the ACLs below for quite some time with no troubles.
|>When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
|>syntax error on line 13. The error message is "bad DN "()" in to DN
|>clause".
|
|
| I'm not sure this is related but I have a similar situation where I have
| to use certain settings in slapd.conf for an external software:
| it worked OK on the OpenLDAP 2.1.30 FreeBSD port (changed to include
| --enable-aci since this is used by the external softare), but the same
| config file fails on a fresh install from stable sources (2.2.13):
| slapd.conf: line nnn: bad DN "uid=[^,]+,dc=..." in DN clause
|
| with the offending part being:
|
| access to dn="uid=[^,]+,"dc=domain,dc=components,dc=org""
attr=c,cn,telephoneNumber,.....
| by aci write break
| by self write
| by users read
| by peername="ip=127\.0\.0\.1" read
| by * none
|
Because the default matching style for dn changed from regex to exact
from 2.1 to 2.2. So, your 'dn=' needs to be 'dn.regex='.
(this really needs to be made much more obvious in the
documentation/release notes/notes for 2.1 users etc IMHO).
Regards,
Buchan
- --
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA2ubIrJK6UGDSBKcRAmuTAJ9RPK4JiBOyg+0cfsI3btfV8qjy7wCdFrPp
/2W7NqmX3bWnwJ8qbXjHPHc=
=r9a1
-----END PGP SIGNATURE-----