[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Getting LDAP and SASL (digest-md5) to play nice

To: openldap-software@openldap.org
Subject: Re: Getting LDAP and SASL (digest-md5) to play nice
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Fri, 7 Mar 2008 09:00:31 +0200
Cc: Rick Stevens <rps2@socal.rr.com>
Content-disposition: inline
In-reply-to: <47D06DA5.9070009@socal.rr.com>
References: <47CF3B9C.4000102@socal.rr.com> <47D047DE.4000403@socal.rr.com> <47D06DA5.9070009@socal.rr.com>
User-agent: KMail/1.9.7

On Friday 07 March 2008 00:18:13 Rick Stevens wrote:
> Ok, I found the glitch.  The slapd.conf file doesn't really "ignore"
> lines starting with a "#".

It does. But, if you have a single statement running over multiple lines, the 
*first* line that doesn't start with a leading space terminates the 
statement. Always consider how a statement would look if you wrote it on one 
line, e.g.:

access to attrs=userPassword
	by cn=root,dc=mydomain,dc=com write
#	by group="cn=Account Admins,dc=mydomain,dc=com write
	by self write
	by * auth

is going to end up terminating at the # ...

I note that no comment lines appeared in the ACLs you posted ... if you had 
included the exact contents, this could probably have been resolved a lot 
sooner ...

Regards,
Buchan

References:
- Getting LDAP and SASL (digest-md5) to play nice
  - From: Rick Stevens <rps2@socal.rr.com>
- Re: Getting LDAP and SASL (digest-md5) to play nice
  - From: Rick Stevens <rps2@socal.rr.com>
- Re: Getting LDAP and SASL (digest-md5) to play nice
  - From: Rick Stevens <rps2@socal.rr.com>

Prev by Date: Re: Getting LDAP and SASL (digest-md5) to play nice
Next by Date: Re: replication problem
Index(es):
- Chronological
- Thread