
Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries

On Mar 20, 2012, at 5:18 AM, btb wrote:

> On 2012.03.19 14.39, Chris Hiestand wrote:
>> Editing via an ldap client is easy if you're just editing an
>> attribute here and there, but because of the interacting nature of ACLs and schema
>> elements, poor readability (no newlines) makes editing via an ldap client more difficult
>> (a gui with smart sorting and syntax highlighting could make it better).
> i use newlines with apache directory studio just fine:
> http://oi41.tinypic.com/292lff5.jpg

If I try to add newlines to an existing ACL (say if you were to press "OK" in your screenshot) the LDAP server may delete it from the list. At least on my system, an ACL with newlines in Apache Directory Studio often gets deleted from cn=config in OpenLDAP 2.4.30. Apache Directory Studio (ADS) will base64 encode a multiline olcAccess. I suspect this isn't supported by OpenLDAP, and it doesn't work consistently. To reproduce this, add a couple of entries with newlines and then try to edit one of them. In my case, both get deleted when I edit one of them (after ADS sends a modify, replace). The rest of my (single-line) ACLs remain un-deleted.
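
An added example, not part of the original message: LDIF (RFC 2849) base64-encodes any value that contains a newline, which is the form the message describes ADS sending for a multiline olcAccess. This Python sketch scans an LDIF export of cn=config for olcAccess values with embedded newlines so they can be located before editing; the sample LDIF, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample (not from the original post): a fragment of a cn=config
# LDIF export. The second olcAccess is base64 ("::") because it holds newlines;
# the third is merely line-folded, which does NOT put a newline in the value.
_MULTILINE_ACL = "{1}to attrs=userPassword\n  by self write\n  by * auth"
SAMPLE_LDIF = (
    "dn: olcDatabase={1}hdb,cn=config\n"
    "olcAccess: {0}to dn.base=\"\" by * read\n"
    "olcAccess:: " + base64.b64encode(_MULTILINE_ACL.encode()).decode() + "\n"
    "olcAccess: {2}to * by dn.exact=\"cn=admin,dc=example,dc=com\" write\n"
    "  by * read\n"
)

def unfold(ldif_text):
    """Join RFC 2849 continuation lines (one leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def olc_access_values(ldif_text):
    """Yield (dn, decoded_value, was_base64) for every olcAccess attribute."""
    dn = None
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        was_b64 = rest.startswith(":")          # "attr:: <base64>"
        value = rest[1:].strip() if was_b64 else rest.lstrip(" ")
        if was_b64:
            value = base64.b64decode(value).decode("utf-8")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "olcaccess":
            yield dn, value, was_b64

def find_multiline_acls(ldif_text):
    """Return (dn, value) for olcAccess values containing an embedded CR or LF."""
    return [(dn, v) for dn, v, _ in olc_access_values(ldif_text)
            if "\n" in v or "\r" in v]

if __name__ == "__main__":
    for dn, acl in find_multiline_acls(SAMPLE_LDIF):
        print(f"multiline olcAccess under {dn}: {acl!r}")
```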
