
Re: Removing olcAccess entry



> On Jan 12, 2016, at 13.02, Katherine Faella <kmf@uri.edu> wrote:
> 
> For the life of me I cannot figure out the syntax for performing this.  Here is my snippet of config.ldif:
> 
> 
> dn: olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> olcSuffix: dc=sakai,dc=uri,dc=edu
> olcAccess: {0}to *  by peername.ip="131.128.1.0%255.255.255.0" +0 break  by 
>  peername.ip="131.128.122.0%255.255.255.0" +0 break  by peername.ip="158.123
>  .255.8%255.255.255.248" +0 break  by peername.ip="127.0.0.1" +0 break
> olcAccess: {1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" 
>  read  by * auth
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu
> .....
> 
> I need to remove the olcAccess {0} as we need to access this server from new IPs.  We are using a firewall to protect the server going forward.
> 
> I have created the file removeips containing:
> 
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> delete: olcAccess
> olcAccess: {1}

there is no olcaccess attribute with a value of "{1}".  however, there is an olcaccess attribute with a value of "{1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read  by * auth"

additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.

-ben
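
The point of the reply above, as an added example that is not part of either message: the value to name in a delete is the complete, unfolded olcAccess string, `{n}` prefix included. The sketch below unfolds the quoted config.ldif snippet (shortened, constructed sample) and builds the change record for a chosen index; the helper names are hypothetical.

```python
import re

# Constructed sample: the database entry quoted in the thread, folded as posted.
CONFIG_LDIF = (
    'dn: olcDatabase={1}hdb,cn=config\n'
    'olcSuffix: dc=sakai,dc=uri,dc=edu\n'
    'olcAccess: {0}to *  by peername.ip="131.128.1.0%255.255.255.0" +0 break  by \n'
    ' peername.ip="131.128.122.0%255.255.255.0" +0 break  by peername.ip="158.123\n'
    ' .255.8%255.255.255.248" +0 break  by peername.ip="127.0.0.1" +0 break\n'
    'olcAccess: {1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" \n'
    ' read  by * auth\n'
    'olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu\n'
)

def unfold(ldif):
    """Join LDIF continuation lines (newline + one space) into logical lines."""
    return ldif.replace('\n ', '').splitlines()

def ordered_values(ldif, attr='olcAccess'):
    """Map each {n} index to the complete attribute value, prefix included."""
    values = {}
    for line in unfold(ldif):
        name, sep, value = line.partition(': ')
        m = re.match(r'\{(\d+)\}', value)
        if sep and name == attr and m:
            values[int(m.group(1))] = value
    return values

def fold(line, width=76):
    """Fold a long LDIF line; continuation lines start with one space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(' ' + rest[:width - 1])
        rest = rest[width - 1:]
    return '\n'.join(parts)

def delete_by_index(ldif, index, attr='olcAccess'):
    """Build a modify LDIF that deletes the value whose prefix is {index}."""
    dn = next(l for l in unfold(ldif) if l.startswith('dn: '))
    value = ordered_values(ldif, attr)[index]
    return '\n'.join([dn, 'changetype: modify', f'delete: {attr}',
                      fold(f'{attr}: {value}')]) + '\n'

if __name__ == '__main__':
    print(delete_by_index(CONFIG_LDIF, 0), end='')
```

Printing the record for index 0 shows the peername.ip rule being removed while the `{1}` rule quoted in the reply is left alone, which makes the change easy to review before it is applied.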