[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACI syntax changes in 2.3 / OpenLDAPaci does not like multiple attributes


I currently try to move from 2.1 to 2.3 and notices that I get syntax errors
during slapadd, for the OpenLDAPaci Attribute. The new syntax validation for
ACIs doesn't like [entry] and [children] as attributes. Aren't they
necessary anymore?

Additionaly it doesn't accepts more then one attribute, also while looking
throught the source in aci.c it seems that the ACI code itself, still
support multiple attributes. Here is an example:

OpenLDAPaci: 1#entry#grant;r,s,c;cn#access-id#cn=admin,dc=testuml,dc=test
OpenLDAPaci: 1#entry#grant;r,s,c;dc#access-id#cn=aaa,dc=testuml,dc=test
OpenLDAPaci: 1#entry#grant;r,s,c;cn,dc#access-id#cn=xxx,dc=testuml,dc=test

The first two entries are ok, while the third one fails. This seems a bug to
me or do I oversee something?

Thanks Gerald

P.S. Is there any description about ACI syntax other then outdated in the

Besuchen Sie uns auf der CeBIT 2006 in Halle 7, Stand B30 (Aladdin)
Gerald Richter            ecos electronic communication services gmbh
IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl

Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de          Voice:   +49 6133 939-122
WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info


** Virus checked by BB-5000 Mailfilter **