Re: ACL OK in 2.0/2.1 not OK in 2.2
Peter Schober wrote:
| * firstname.lastname@example.org <email@example.com> [2004-06-23 01:50]:
|>I've been able to use the ACLs below for quite some time with no troubles.
|>When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
|>syntax error on line 13. The error message is "bad DN "()" in to DN
| I'm not sure this is related but I have a similar situation where I have
| to use certain settings in slapd.conf for an external software:
| it worked OK on the OpenLDAP 2.1.30 FreeBSD port (changed to include
| --enable-aci since this is used by the external software), but the same
| config file fails on a fresh install from stable sources (2.2.13):
| slapd.conf: line nnn: bad DN "uid=[^,]+,dc=..." in DN clause
| with the offending part being:
| access to dn="uid=[^,]+,"dc=domain,dc=components,dc=org""
| by aci write break
| by self write
| by users read
| by peername="ip=127\.0\.0\.1" read
| by * none
Because the default matching style for dn changed from regex to exact
from 2.1 to 2.2. So, your 'dn=' needs to be 'dn.regex='.
(this really needs to be made much more obvious in the
documentation/release notes/notes for 2.1 users etc IMHO).
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
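Added example (not part of the original message and not OpenLDAP project code): a small Python check that walks a slapd.conf, finds unqualified `dn=` patterns inside `access` directives that contain regex metacharacters, and rewrites them to `dn.regex=` as the reply above describes. The sample config is constructed, the function name is hypothetical, and treating `dn=` in `by` clauses the same way as in the `to` clause is an assumption.

```python
import re

# Unqualified dn= (no .exact/.regex/.subtree style) followed by its pattern.
UNQUALIFIED_DN = re.compile(r'(?<!\w)dn=("[^"]*"|\S+)')
# Characters that only make sense if the pattern was written as a regex.
# "." is left out because it is legal in ordinary DN values.
REGEX_META = re.compile(r'[\[\]()*+?^$|\\]')

def _fix(match):
    pattern = match.group(1)
    style = "dn.regex=" if REGEX_META.search(pattern) else "dn="
    return style + pattern

def migrate_acl_dn_style(conf_text):
    """Return (new_text, findings); findings are (line_no, original_line)."""
    out, findings, in_access = [], [], False
    for no, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        is_comment = stripped.startswith("#")
        if not stripped:
            in_access = False            # blank line ends the directive
        elif not is_comment and not line[0].isspace():
            # A non-indented line starts a new directive; indented lines
            # are continuations of the previous one.
            in_access = stripped.split()[0].lower() == "access"
        if in_access and not is_comment:
            fixed = UNQUALIFIED_DN.sub(_fix, line)
            if fixed != line:
                findings.append((no, stripped))
                line = fixed
        out.append(line)
    return "\n".join(out), findings

# Constructed sample config (not taken from the thread).
SAMPLE = '''\
database bdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
access to dn="uid=[^,]+,ou=people,dc=example,dc=org"
    by self write
    by users read
    by * none
access to dn="ou=groups,dc=example,dc=org"
    by dn="cn=admin,dc=example,dc=org" write
    by * read
'''

if __name__ == "__main__":
    new_text, findings = migrate_acl_dn_style(SAMPLE)
    for no, original in findings:
        print(f"line {no}: regex pattern under unqualified dn=: {original}")
    print(new_text)
```

Review each rewritten line before deploying it; a plain `dn=` pattern without metacharacters is left alone because exact matching is what 2.2 applies to it.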