[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Removing olcAccess entry
> On Jan 12, 2016, at 13.02, Katherine Faella <kmf@uri.edu> wrote:
>
> For the life of me I can not figure out the syntax for performing this. Here is my snippet of config.ldif:
>
>
> dn: olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> olcSuffix: dc=sakai,dc=uri,dc=edu
> olcAccess: {0}to * by peername.ip="131.128.1.0%255.255.255.0" +0 break by
> peername.ip="131.128.122.0%255.255.255.0" +0 break by peername.ip="158.123
> .255.8%255.255.255.248" +0 break by peername.ip="127.0.0.1" +0 break
> olcAccess: {1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$"
> read by * auth
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu
> .....
>
> I need to remove the olcAccess {0} as we need to access this server from new ips. We are using a firewall to protect the server going forward.
>
> I have created the file removeips containing:
>
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> delete: olcAccess
> olcAccess: {1}
there is no olcaccess attribute with a value of "{1}". however, there is an olcaccess attribute with a value of "{1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth"
additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.
-ben