[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries

Nick Milas wrote:
> I am returning to an older thread, regarding the formatting of ACLs using
> Carriage Return (CRs) and spaces.
> I have just realized that if we format (using CRs) ACLs stored as olcAccess
> attr values, then they are exported/stored as ldif in base64 encoded format
> (by all clients I tried).

Yes, because of declaration of SAFE-CHAR in RFC 2849. I also vaguely remember
discussions about XML in LDIF (on ietf-ldapext mailing list?).

> This actually is causing a serious problem (I would even call it a "*hell
> situation*"), because we can no more export/view our ACLs as ldif in a legible
> form. Moreover, we cannot edit this exported ldif and import it back to cover
> several editing needs.

I think now it's the time to start looking at LDIF processing module in your
favourite scripting language. I cannot imagine any other sane way.

BTW: I'd be curious to hear from people who are using my web2ldap to edit
entries in back-config. Based on the discussion in this tread these attribute
types are pre-registered as multi-line text in recent releases:

    '', # olcAccess
    '', # olcAuthIDRewrite
    '', # olcAuthzRegexp
    '', # olcSyncrepl

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature