[Date Prev][Date Next] [Chronological] [Thread] [Top]

Upgrading ACLs

I am upgrading from openldap-2.1.22 to openldap-2.2.23, and I am having some 
difficulty getting the ACLs to a state that the new version is happy with. 
Can anyone describe (or point me to a document that describes) the ACL syntax 
differences between these versions? My searches have so far have produced 
only fragmentary results.

What I've learned so far: I found I needed to change "access to dn=" to 
"access to dn.regex=" when the dn contained any regular expression syntax. 
After making this change, slapd starts without complaint, but it appears that 
my "by group=" access rules are not being used, if I am interpreting the 
slapd logging output correctly.

I also changed "attr=" to "attrs=" for each ACL.

Other possibly relevant information: Some of the group identifiers contain 
references to a match group in dn.regex, such as:

    access to dn.regex="dc=([^,]+),o=([^,]+)"
	by group="cn=admin,ou=sys,o=$2"

As you can probably tell, I'm groping in the dark a bit. Any direction is 

Thank you,