Bogdan Rudas wrote:
I would like to start use of olcAccess rules, are there human-friendly editor for that ACLs? I can't even use line breaks in ldif file to make my restrictions a bit more readable! I strongly dislike very long string values, one day this will cause mistake and access violation.
That's the reason why I still strongly recommend to use static configuration files, especially when setting up slapd via puppet with .erb templates.
Last week I had to modify some ACLs in cn=config. It took me much more time to do this than modifying a static configuration.
I'm currently playing with 'olcAccess' attribute handling in my web2ldap. It's very cumbersome: Normally web2ldap trys to preserve exactly what's in a LDAP entry when generating the input form for modification so that there won't be any modification if the user did not alter any value but accidently hit the submit button. I could not figure out how to achieve this with all the white-spacing variants olcAccess values can contain because normalizing the values in some way would likely lead to a different value.
Ciao, Michael.