Bogdan Rudas wrote:
Hello all,
I would like to start using olcAccess rules; is there a human-friendly editor for those ACLs?
Use any editor you wish. It is just text!
I can't even use line breaks in an ldif file to make my restrictions a bit more readable!
One can use line breaks, no problem. But understanding ldif file syntax is important.
Often one has very long lines in ldif files.
A standard terminal has a width of 80 characters. Longer lines get broken at character 78. Character 79 is a newline "\n", character 80 is one space " ". So the output you get looks like this:
line no  text
1        "78 byte" + "\n"
2        "one space" + "next 78 bytes" + "\n"
3        "one space" + "next 78 bytes" + "\n"
This happens during a ldapsearch operation. If you upload this ldif to a ldapserver these two bytes "\n " will be removed.
Conclusion: One may add a newline to an ldif file by adding two characters, "\n" + space. You may add as many newlines as you wish.
i.e.
open
 l
 a
 p
becomes "openlap" after upload.
open
  l
  a
 p
becomes "open l ap" after upload.
I strongly dislike very long string values; one day this will cause a mistake and an access violation.
I've tried with Apache DS, ldif import and a few puppet modules; everything requires a huge line ACL.
No, not really. They just require properly formatted ldif input. man ldif, section "ENTRY RECORD EXAMPLE", attribute jpegPhoto
Any help will be welcome.
read this thread: http://www.openldap.org/lists/openldap-technical/201402/threads.html#00105
here is a small filter which may help you:
# cat $(which fmt_olcAccess)
#!/bin/sed -rf
# Author: Harry Jede
# produce human readable but still machine parseable
# olcAccess lines and removes the ordering numbers in {}
# because humans don't need them, really.

# the whole script
# \{ and \} match the literal braces around the ordering number
s/^(olcAccess: )\{[[:digit:]]+\}(.*$)/\1\2/
$!{H;d}
# the replacement is an ldif line break ("\n ") followed by " by "
${H;g;s/\n //g;s/[[:space:]]+by /\n  by /g}
info sed explains the commands
in short
line 1: removes the ordering numbers
line 2: concatenates all lines into the hold buffer
line 3: moves the hold buffer back to the pattern buffer
        s/\n //g deletes any occurrence of "\n "
        finally searches for " by" and adds an ldif line break in front of " by"
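
A round-trip check for the folding rule described in this message, as an added example that is not part of the original post: it unfolds wrapped LDIF the way the server does on upload and compares the result with the intended single-line olcAccess value. The function names and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample ACL is constructed.

# Unfold LDIF on stdin: a line that starts with one space continues the
# previous line; the newline and that one space are dropped.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1         { print buf }
                        { buf = $0 }
         END            { if (NR) print buf }'
}

# Wrap an unfolded olcAccess line before every "by" clause. The break is
# "newline + space"; the second space keeps the separator inside the value.
wrap_by() {
    sed 's/[[:space:]]\{1,\}by /\
  by /g'
}

# Succeed only if the wrapped text on stdin unfolds to exactly "$1".
same_after_unfold() {
    [ "$(ldif_unfold)" = "$1" ]
}

# Constructed sample ACL, written as one logical line.
ACL='olcAccess: to attrs=userPassword by self write by anonymous auth by * none'

GOOD=$(printf '%s\n' "$ACL" | wrap_by)
# Same wrapping with the second space missing: after unfolding, "by" is
# fused with the word before it and the ACL no longer says what was meant.
BAD=$(printf '%s\n' "$GOOD" | sed 's/^  by / by /')

printf '%s\n' "$GOOD" | same_after_unfold "$ACL" && echo "good wrap: value unchanged"
printf '%s\n' "$BAD"  | same_after_unfold "$ACL" || echo "bad wrap: value changed"
```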