-----Original Message----- From: Quanah Gibson-Mount quanah@fast-mail.org Sent: Thursday, July 4, 2024 9:41 PM To: Windl, Ulrich u.windl@ukr.de; openldap-technical <openldap- technical@openldap.org> Subject: [EXT] RE: Querying the default password policy
--On Thursday, July 4, 2024 7:46 AM +0000 "Windl, Ulrich" u.windl@ukr.de wrote:
olcAccess: {1}to filter=&(objectClass=olcPPolicyConfig)(olcPPolicyDefault=*) attrs=olcPPolicyDefault by dn.exact="uid=PP-
Checker,ou=system,dc=context"
read by * break
"&(objectClass=olcPPolicyConfig)(olcPPolicyDefault=*)" is not a valid filter.
[Windl, Ulrich] So it needs an extra pair of parentheses around? Is that really the only problem? Maybe the problem is that the Perl API accepts such, but maybe it adds an extra pair of parentheses around. Finally: Couldn't "Other (e.g., implementation specific) error (80)" be improved to say "bad filter syntax" or similar?
OK, the surrounding pair of parentheses made slapd accept the ACL.
--Quanah