Bogdan Rudas wrote:
I would like to start use of olcAccess rules, are there
human-friendly
editor for that ACLs?
I can't even use line breaks in ldif file to make my restrictions a bit
more readable! I strongly dislike very long string values, one day this
will cause mistake and access violation.
That's the reason why I still strongly recommend to use static configuration
files, especially when setting up slapd via puppet with .erb templates.
Last week I had to modify some ACLs in cn=config. It took me much more time to
do this than modifying a static configuration.
I'm currently playing with 'olcAccess' attribute handling in my web2ldap.
It's very cumbersome:
Normally web2ldap trys to preserve exactly what's in a LDAP entry when
generating the input form for modification so that there won't be any
modification if the user did not alter any value but accidently hit the submit
button. I could not figure out how to achieve this with all the white-spacing
variants olcAccess values can contain because normalizing the values in some
way would likely lead to a different value.
Ciao, Michael.