Oh – and I put in just a single value in the ldif…
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.exact=""
  attrs=namingContext
  val/distinguishedNameMatch="cn=accesslog"
  by * none
but the result is the same
Craig White
System Administrator
O 623-201-8179
M 602-377-9752
SkyTouch Technology
4225 E. Windrose Dr. Phoenix, AZ 85032
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Craig White
Sent: Monday, May 18, 2015 3:59 PM
To: openldap-technical@openldap.org
Subject: hiding a naming context
Back with a further clarification and trying to solve a problem for our programmers.
ldapsearch -x -H ldapi:/// -s base -b '' namingContext "*" + -D $ROOTDN -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContext * +
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: cn=accesslog
namingContexts: dc=example,dc=com
monitorContext: cn=Monitor
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: EXTERNAL
entryDN:
subschemaSubentry: cn=Subschema
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
So our programmers want me to filter out ‘namingContexts: cn=accesslog’ for them (please don’t ask).
# cat naming_context.ldif
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.exact=""
  attrs=namingContext
  val/distinguishedNameMatch="cn=accesslog transitional"
  by * none
ldapmodify -H ldapi:/// -Y EXTERNAL -f naming_context.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={-1}frontend,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: <olcAccess> handler exited with 1
Anyone want to hit me with a clue stick so I can hide the ‘cn=accesslog’ database from my programmers so they don’t have to rewrite code?
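A pre-flight check for the change record quoted above, as an added example that is not part of the original post or of OpenLDAP: it unfolds the LDIF, pulls the names out of `attrs=` and compares them with the attributes the rootDSE search actually returned. The function names and the trimmed sample data are constructed for this example, and slapd's loaded schema, not the rootDSE output, remains the authoritative list of attribute types.

```python
import difflib
import re

# Constructed sample: the change record from the post, continuation lines indented.
ACL_LDIF = '''dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.exact=""
  attrs=namingContext
  val/distinguishedNameMatch="cn=accesslog"
  by * none
'''

# Constructed sample: a few lines of the rootDSE search result from the post.
ROOT_DSE = '''dn:
objectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: cn=accesslog
namingContexts: dc=example,dc=com
monitorContext: cn=Monitor
'''

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def acl_attrs(ldif):
    """Attribute names listed in attrs= of every olcAccess value."""
    found = []
    for line in unfold(ldif):
        if line.lower().startswith("olcaccess:"):
            for attrlist in re.findall(r"\battrs=(\S+)", line):
                # Skip @class / !class selectors and the entry/children pseudo-attributes.
                found += [a for a in attrlist.split(",")
                          if a and a[0] not in "@!" and a not in ("entry", "children")]
    return found

def check_acl(acl_ldif, entry_ldif):
    """Return (attr, [closest name]) for each ACL attribute absent from the entry."""
    known = {l.split(":", 1)[0].lower(): l.split(":", 1)[0] for l in unfold(entry_ldif)}
    return [(a, [known[m] for m in difflib.get_close_matches(a.lower(), list(known), n=1)])
            for a in acl_attrs(acl_ldif) if a.lower() not in known]
```

`check_acl(ACL_LDIF, ROOT_DSE)` reports `namingContext` as absent from the rootDSE entry and offers `namingContexts` as the closest name that is present.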