
Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries



On Mar 21, 2012, at 19.22, Chris Hiestand wrote:

> 
> On Mar 20, 2012, at 5:18 AM, btb wrote:
> 
>> On 2012.03.19 14.39, Chris Hiestand wrote:
>>> Editing via an ldap client is easy if you're just editing an
>>> attribute here and there, but because of the interacting nature of ACLs and schema
>>> elements, poor readability (no newlines) makes editing via an ldap client more difficult
>>> (a gui with smart sorting and syntax highlighting could make it better).
>> 
>> i use newlines with apache directory studio just fine:
>> 
>> http://oi41.tinypic.com/292lff5.jpg
> 
> 
> If I try to add newlines to an existing ACL (say if you were to press "OK" in your screenshot) the ldap server may delete it from the list. At least on my system, an ACL with newlines in Apache Directory Studio often gets deleted from cn=config in OpenLDAP 2.4.30. Apache Directory Studio (ADS) will base64 encode a multiline olcAccess. I suspect this isn't supported by OpenLDAP, and it doesn't work consistently. To reproduce this, add a couple of entries with newlines and then try to edit one of them. In my case, both get deleted when I edit one of them (after ADS sends a modify, replace). The rest of my (single-line) ACLs remain un-deleted.

hmm, not sure why it isn't working for you.  i've heavily modified all of my acls at one point or another, all of which are multiline, and have not had any issues.  data that needs to be base64'd [for whatever reason] is done so consistently [acls or otherwise] and is appropriately represented by the client, and modifications/etc are handled just fine.  

have you adjusted apache directory studio to use the text editor rather than the in place editor?  this thread discusses that in more detail:

http://www.openldap.org/lists/openldap-technical/201009/msg00103.html

-ben
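
An added example, not part of the original thread: a small check that reads an LDIF export of cn=config and reports which olcAccess values contain embedded newlines, the values LDIF has to carry base64-encoded as `olcAccess::`. The sample LDIF, the DN and the ACL text are constructed for illustration, and the function names are hypothetical.

```python
import base64

# Constructed sample: one ACL with real newlines (LDIF must carry it as base64),
# one single-line ACL, and one single-line ACL folded over two physical lines.
MULTILINE_ACL = "{1}to *\n  by self write\n  by * read"
SAMPLE_LDIF = (
    "dn: olcDatabase={1}hdb,cn=config\n"
    "objectClass: olcDatabaseConfig\n"
    "olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none\n"
    "olcAccess:: " + base64.b64encode(MULTILINE_ACL.encode()).decode() + "\n"
    'olcAccess: {2}to dn.subtree="ou=people,dc=example,dc=com" by users read\n'
    "  by * none\n"
)

def unfold(text):
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def olc_access_values(text):
    """Yield (dn, decoded_value, was_base64) for every olcAccess value."""
    dn = None
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not line or line.startswith("#") or not sep or rest.startswith("<"):
            dn = dn if line else None  # a blank line ends the current entry
            continue
        was_base64 = rest.startswith(":")
        value = rest[1:].strip() if was_base64 else rest.lstrip(" ")
        if was_base64:
            value = base64.b64decode(value).decode("utf-8", errors="replace")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "olcaccess":
            yield dn, value, was_base64

def find_multiline_acls(text):
    """Return (dn, value) for olcAccess values that contain embedded newlines."""
    return [(dn, v) for dn, v, _ in olc_access_values(text) if "\n" in v or "\r" in v]

if __name__ == "__main__":
    for dn, acl in find_multiline_acls(SAMPLE_LDIF):
        print(f"{dn}: multiline olcAccess {acl!r}")
```

Comparing this report before and after a client edit shows whether a multiline ACL survived the modify; a folded line such as `{2}` above is not a multiline value and is not reported.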