
Re: Removing olcAccess entry

btb@bitrate.net wrote:

On Jan 12, 2016, at 13.02, Katherine Faella <kmf@uri.edu> wrote:

For the life of me I cannot figure out the syntax for performing this.  Here is my snippet of config.ldif:

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=sakai,dc=uri,dc=edu
olcAccess: {0}to *  by peername.ip="" +0 break  by
  peername.ip="" +0 break  by peername.ip="158.123
  .255.8%" +0 break  by peername.ip="" +0 break
olcAccess: {1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$"
  read  by * auth
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu

I need to remove the olcAccess {0} as we need to access this server from new IPs.  We are using a firewall to protect the server going forward.

I have created the file removeips containing:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {1}

there is no olcaccess attribute with a value of "{1}".

That is not relevant. The ordered values syntax allows modifications of this form. https://tools.ietf.org/html/draft-chu-ldap-xordered-00

additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.

Yes, that's the better question.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
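
The ordered-values delete discussed in this thread, as an added example that is not part of the original messages and is not slapd's code: a small Python model of removing one value from an X-ORDERED 'VALUES' attribute by its `{n}` prefix, showing why `{1}` removes the dn.regex rule while `{0}` removes the peername.ip rule. The ACL strings are constructed samples shaped like the post's entries, and `delete_ordered` is a hypothetical helper name.

```python
import re

PREFIX = re.compile(r"^\{(\d+)\}(.*)$", re.S)

# Constructed sample values shaped like the olcAccess entries in the post
# (192.0.2.10 is a documentation address, not taken from the thread).
ACLS = [
    '{0}to * by peername.ip="192.0.2.10" +0 break',
    '{1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth',
]


def split_prefix(value):
    """Return (index, rest) for '{n}rest', or (None, value) when unprefixed."""
    m = PREFIX.match(value)
    return (int(m.group(1)), m.group(2)) if m else (None, value)


def delete_ordered(stored, spec):
    """Model 'delete: olcAccess' with one value given in the LDIF.

    stored: current values, each carrying its {n} prefix.
    spec:   a bare '{n}' (select by position) or the full value text.
    Returns the remaining values, renumbered from {0}.
    Assumption of this model: a full value is matched on its text only.
    """
    bodies = [split_prefix(v)[1] for v in stored]
    idx, rest = split_prefix(spec)
    if idx is not None and rest == "":
        if idx >= len(bodies):
            raise LookupError("no value at position {%d}" % idx)
        target = idx
    else:
        if rest not in bodies:
            raise LookupError("no such value")
        target = bodies.index(rest)
    del bodies[target]
    # The server renumbers what is left so the prefixes stay contiguous.
    return ["{%d}%s" % (i, b) for i, b in enumerate(bodies)]


if __name__ == "__main__":
    for spec in ("{0}", "{1}"):
        print("delete", spec, "->", delete_ordered(ACLS, spec))
```

After a delete, read the attribute back before issuing another change, because the surviving rule's index has shifted.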