
Re: Trouble with ACL

--On Wednesday, August 11, 2004 4:52 PM -0500 Misty Stanley-Jones <misty@borkholder.com> wrote:

I'm following Gerald Carter's _LDAP System Administration_ and trying to
learn about ACLs.  On page 121, he includes the following sample:

access to dn=".*,dc=plainjoe,dc=org" attr=userPassword
	by self write
	by * auth

I'm getting syntax errors for that.  As best as I can tell, I have typed
it in correctly (except for changing the dc components as appropriate),
but slapd fails to start with this in the .conf file.  The error is:
/etc/openldap/slapd.conf: line 99: bad DN ".*,dc=mydomain,dc=com" in to DN clause

I am probably missing something stupid, but I don't know what.  I do have
several DNs in my LDAP tree already and I am able to bind to the tree and
search and add entries like crazy.

That looks like a 2.1 ACL to me. You may want to read slapd.access for OpenLDAP 2.2, which I assume you are using.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
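
A checker for the version mismatch the reply points to, as an added example that is not part of the original thread. It assumes, per slapd.access(5), that OpenLDAP 2.2 reads an unqualified dn= as an exact DN where 2.1 read it as a regex, and it flags ACLs that still carry a regex pattern there; the function names are hypothetical and the sample fragment is constructed from the ACL quoted above.

```python
import re

# Characters that are regex syntax but unusual in a plain DN ('+' is left out:
# it is legal in multi-valued RDNs).
REGEX_META = set("*()[]^$|?")
# DN selector of the "to" clause: dn[.style]=<quoted or bare pattern>
DN_CLAUSE = re.compile(r'\bdn(?:\.(?P<style>\w+))?=(?:"(?P<q>[^"]*)"|(?P<b>\S+))')

def logical_lines(text):
    """Yield (first_line_no, joined_text). slapd.conf continues a directive
    on any following line that starts with whitespace."""
    start, buf = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and buf:
            buf.append(raw.strip())
            continue
        if buf:
            yield start, " ".join(buf)
        keep = raw.strip() and not raw.startswith("#")
        start, buf = no, ([raw.strip()] if keep else [])
    if buf:
        yield start, " ".join(buf)

def find_unqualified_regex_acls(text):
    """Return (line_no, pattern, suggested_clause) for each 'access to'
    whose dn= has no style but whose pattern looks like a regex."""
    findings = []
    for no, line in logical_lines(text):
        if not re.match(r"access\s+to\s", line):
            continue
        what = re.split(r"\sby\s", line, maxsplit=1)[0]  # "to" clause only
        m = DN_CLAUSE.search(what)
        if not m or m.group("style"):
            continue  # no DN selector, or style given explicitly
        pattern = m.group("q") if m.group("q") is not None else m.group("b")
        if REGEX_META & set(pattern):
            findings.append((no, pattern, f'dn.regex="{pattern}"'))
    return findings

# Constructed sample: the ACL from the post plus one already-qualified ACL.
SAMPLE = '''\
# constructed slapd.conf fragment
access to dn=".*,dc=plainjoe,dc=org" attr=userPassword
\tby self write
\tby * auth
access to dn.subtree="dc=plainjoe,dc=org"
\tby * read
'''

if __name__ == "__main__":
    for no, pattern, fix in find_unqualified_regex_acls(SAMPLE):
        print(f"line {no}: unqualified dn= with regex pattern; use {fix}")
```

Where the intent is simply "everything under this suffix", dn.subtree="dc=plainjoe,dc=org" avoids the regex altogether, with the difference that it also matches the suffix entry itself.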