-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Thursday, September 13, 2012 3:51 AM
To: Aaron Bennett
Cc: openldap-technical(a)openldap.org
Subject: Re: insert an olcAccess line in cn=config?
Read draft-chu-ldap-xordered-xx.txt
Thanks, Howard. That's good stuff.
I decided to take Apache Directory Studio out of the picture...
dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by
dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by
dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by
peername.ip="192.168.0.0%255.255.0.0" read by
peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read
by users read by self read by * none
What I get when I try to ldapadd it is:
$ ldapadd -v -H ldaps://testanimal.clarku.edu -x -D "cn=config" -W -f ldif.ldif
ldap_initialize( ldaps://testanimal.clarku.edu:636/??base )
add add:
add olcAccess:
{9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by
dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by
dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by
peername.ip="192.168.0.0%255.255.0.0" read by
peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read
by users read by self read by * none
adding new entry "olcDatabase={1}bdb,cn=config"
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined
I know I'm missing something simple... thanks for your time.
-Aaron
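An added example, not part of the original message: a small Python pre-flight check for the failure shown above, where the record carries `add:` but no `changetype: modify`, so ldapadd submits it as a new entry with an attribute literally named `add` (hence "attribute type undefined"). The sample records are constructed, with the olcAccess value shortened, and the function names are hypothetical.

```python
# Constructed samples: the record from the message (olcAccess value shortened)
# and a modify-style record (RFC 2849 change record) for comparison.
BROKEN = """\
dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by users read by self read by * none
"""
FIXED = """\
dn: olcDatabase={1}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {9}to uid by users read by self read by * none
"""

MOD_OPS = {"add", "delete", "replace"}  # directives valid only under changetype: modify


def unfold(text):
    """Join LDIF continuation lines (leading single space) and drop comments/blanks."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines


def lint_record(text):
    """Hypothetical helper: list reasons a modify-style record would be misread."""
    pairs = [tuple(p.strip() for p in l.split(":", 1)) for l in unfold(text) if ":" in l]
    changetype = next((v.lower() for k, v in pairs if k.lower() == "changetype"), None)
    problems = []
    for i, (key, value) in enumerate(pairs):
        op = key.lower()
        if op not in MOD_OPS:
            continue
        if changetype != "modify":
            problems.append(f"'{key}:' without 'changetype: modify' is sent as an attribute named '{key}'")
        if not value:
            problems.append(f"'{key}:' names no attribute type")
        elif op == "add" and (i + 1 >= len(pairs) or pairs[i + 1][0].lower() != value.lower()):
            problems.append(f"'add: {value}' is not followed by a '{value}:' value line")
    return problems


if __name__ == "__main__":
    for name, record in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_record(record) or "ok")
```

Running such a check before applying changes to cn=config catches a malformed ACL change record before it reaches the server.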