ACL migration from openldap 2.1 to 2.2
- To: OpenLDAP-software@OpenLDAP.org
- Subject: ACL migration from openldap 2.1 to 2.2
- From: Jaime Tomé Gomes Ventura <jaimeventura@ipp.pt>
- Date: Thu, 17 Feb 2005 10:22:20 +0000
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
I have recently upgraded openldap from 2.1.30 to 2.2.20 and the 2.1 access
lists don't work on 2.2.20.
Basically, allow binding only to users having the attribute ippNetStatus = ACTIVO.
access to * filter=(ippNetStatus=ACTIVO)
        by anonymous auth
        by self write
This rule doesn't work anymore. With 2.2.20, it keeps telling me "invalid
credentials".
The following rule doesn't work either (syntax error):
access to dn="^.*,uid=([^,]+),(.*)$"
        by dn="uid=$1,$2" write
Finally, I would like to give full access to a specific
attribute (ippNetSessionId) on all objects (users) to a specific
user (dn="uid=ippNetSessionIdWriter,dc=core,dc=ipp,dc=pt"). I've tried
the following, but it didn't work:
access to attrs=ippNetSessionId
        by dn="uid=ippNetSessionIdWriter,dc=core,dc=ipp,dc=pt" write
        by self write
        by * auth
I'm using ldap-sql backend.
Can someone help me (or at least give me some guidelines)?
Thanks in advance.
Jaime
Here is the full 2.1 access list I'm using:
access to dn.base=""
        by * read
access to dn.base="cn=Subschema"
        by * read
access to dn.one="dc=ipp,dc=pt"
        by anonymous auth
        by users read
access to * filter=(ippNetStatus=ACTIVO)
        by anonymous auth
        by self write
access to dn="^.*,uid=([^,]+),(.*)$"
        by dn="uid=$1,$2" write
access to *
        by self write
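As an added illustration (not the poster's configuration and not OpenLDAP code), the following toy model of slapd's first-match ACL evaluation runs the poster's "access to * filter=(ippNetStatus=ACTIVO)" and "access to * by self write" clauses together with the attrs=ippNetSessionId rule, placed either before or after them; the placement, the user entries and the DNs other than the writer DN are constructed assumptions. It shows why an attribute-specific rule that sits after a catch-all "access to *" clause never gets a chance to grant anything.

```python
# Toy model of slapd ACL evaluation (added illustration, not OpenLDAP code).
# slapd takes the FIRST "access to <what>" clause matching the target entry
# and attribute, then the first matching "by <who>" clause inside it; if no
# <by> clause matches, access is denied and later clauses are not consulted.
# Only the <what>/<who> forms used in this thread are modelled (no dn regex).

def what_matches(what, entry, attr):      # <what>: dict of dn_base/filter/attrs
    if what.get("dn_base", entry["dn"]) != entry["dn"]:
        return False
    if "filter" in what:                   # single (attr=value) assertion only
        fattr, fval = what["filter"]
        if fval not in entry.get(fattr, ()):
            return False
    return "attrs" not in what or attr in what["attrs"]

def who_matches(who, requester, entry):   # requester None = anonymous bind
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester == entry["dn"]    # None never equals a DN
    return who == "*" or (who.startswith("dn=") and requester == who[3:])

def evaluate(rules, requester, entry, attr):
    """Access level ('none', 'auth', 'read', 'write') the rule list grants."""
    for what, by in rules:
        if what_matches(what, entry, attr):
            for who, level in by:
                if who_matches(who, requester, entry):
                    return level
            return "none"                  # <what> matched, no <by> did: stop
    return "none"                          # nothing matched at all

# Rules from the post (the two "access to *" clauses) plus the
# attrs=ippNetSessionId rule, placed before or after them. Constructed entries.
WRITER = "uid=ippNetSessionIdWriter,dc=core,dc=ipp,dc=pt"
SESSION_RULE = ({"attrs": {"ippNetSessionId"}},
                [("dn=" + WRITER, "write"), ("self", "write"), ("*", "auth")])
BASE_RULES = [
    ({"filter": ("ippNetStatus", "ACTIVO")}, [("anonymous", "auth"), ("self", "write")]),
    ({}, [("self", "write")]),             # "access to * by self write"
]
ACTIVE_USER = {"dn": "uid=jaime,dc=ipp,dc=pt", "ippNetStatus": ["ACTIVO"]}
INACTIVE_USER = {"dn": "uid=old,dc=ipp,dc=pt", "ippNetStatus": ["INACTIVO"]}

def session_access(session_rule_first):
    """What the writer DN gets on ippNetSessionId of an active user."""
    rules = [SESSION_RULE] + BASE_RULES if session_rule_first else BASE_RULES + [SESSION_RULE]
    return evaluate(rules, WRITER, ACTIVE_USER, "ippNetSessionId")
```

With the rule placed last, the writer DN gets "none" because the filter clause already matched the entry and none of its "by" clauses matched; placed first, it gets "write" while the same DN still gets nothing on other attributes.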