For the life of me I can not figure out the syntax for performing this. Here is my snippet of config.ldif:
    dn: olcDatabase={1}hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {1}hdb
    olcSuffix: dc=sakai,dc=uri,dc=edu
    olcAccess: {0}to * by peername.ip="131.128.1.0%255.255.255.0" +0 break by peername.ip="131.128.122.0%255.255.255.0" +0 break by peername.ip="158.123 .255.8%255.255.255.248" +0 break by peername.ip="127.0.0.1" +0 break
    olcAccess: {1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth
    olcAddContentAcl: FALSE
    olcLastMod: TRUE
    olcMaxDerefDepth: 15
    olcReadOnly: FALSE
    olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu
    .....
I need to remove the olcAccess {0} as we need to access this server from new ips. We are using a firewall to protect the server going forward.
I have created the file removeips containing:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    delete: olcAccess
    olcAccess: {1}
Running the command
    ldapmodify -W -x -h antons.uri.edu -D "cn=admin,cn=config" -f /root/ldapscripts/removeips
gives me:
    modifying entry "olcDatabase={1}hdb,cn=config"
    ldap_modify: No such attribute (16)
    additional info: modify/delete: olcAccess: no such attribute
What am I doing wrong?
Thanks,
Kathy
On Jan 12, 2016, at 13.02, Katherine Faella kmf@uri.edu wrote:
> For the life of me I can not figure out the syntax for performing this. Here is my snippet of config.ldif:
>
> dn: olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> olcSuffix: dc=sakai,dc=uri,dc=edu
> olcAccess: {0}to * by peername.ip="131.128.1.0%255.255.255.0" +0 break by peername.ip="131.128.122.0%255.255.255.0" +0 break by peername.ip="158.123 .255.8%255.255.255.248" +0 break by peername.ip="127.0.0.1" +0 break
> olcAccess: {1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu
> .....
>
> I need to remove the olcAccess {0} as we need to access this server from new ips. We are using a firewall to protect the server going forward.
> I have created the file removeips containing:
>
> dn: olcDatabase={1}hdb,cn=config
> changetype: modify
> delete: olcAccess
> olcAccess: {1}
there is no olcaccess attribute with a value of "{1}". however, there is an olcaccess attribute with a value of "{1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth"
additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.
-ben
btb@bitrate.net wrote:
> there is no olcaccess attribute with a value of "{1}".
That is not relevant. The ordered values syntax allows modifications of this form. https://tools.ietf.org/html/draft-chu-ldap-xordered-00
> additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.
Yes, that's the better question.
On Tue, Jan 12, 2016 at 2:12 PM, Howard Chu hyc@symas.com wrote:
> btb@bitrate.net wrote:
>> there is no olcaccess attribute with a value of "{1}".
> That is not relevant. The ordered values syntax allows modifications of this form. https://tools.ietf.org/html/draft-chu-ldap-xordered-00
>> additionally, if you wish to delete the attribute whose value starts with {0}, i'm not sure why you're specifying the attribute whose value starts with {1} in your ldif.
> Yes, that's the better question.
> --
>   -- Howard Chu
>   CTO, Symas Corp. http://www.symas.com
>   Director, Highland Sun http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP http://www.openldap.org/project/
The olcAccess: {1} was a typo. My removeips file contains:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    delete: olcAccess
    olcAccess: {0}
I am running the modify with:
    ldapmodify -W -x -h antons.uri.edu -D "cn=admin,cn=config" -f /root/ldapscripts/removeips
    Enter LDAP Password:
    modifying entry "olcDatabase={1}hdb,cn=config"
    ldap_modify: No such attribute (16)
    additional info: modify/delete: olcAccess: no such attribute
Which is where I am having trouble. I believe that deleting the {0} element should keep the {1} and move it up to the correct position.
--On Tuesday, January 12, 2016 2:38 PM -0500 Katherine Faella kmf@uri.edu wrote:
> Which is where I am having trouble. I believe that deleting the {0} element should keep the {1} and move it up to the correct position.
I do this extensively, and it works fine. What OpenLDAP release are you on?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
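Added example, not part of any message in this thread and not OpenLDAP code: a small Python model of the ordered-value delete the replies discuss, showing which access rule survives for `olcAccess: {0}` versus `olcAccess: {1}` and how the survivor is renumbered. The function names, the shortened {0} rule and the error raised for an out-of-range ordinal are assumptions of this model.

```python
import re

ORDINAL = re.compile(r"^\{(\d+)\}(.*)$", re.S)

# Constructed sample: the two olcAccess values from the thread, with the
# peername.ip list in {0} shortened to one entry.
ACLS = [
    '{0}to * by peername.ip="127.0.0.1" +0 break',
    '{1}to * by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$" read by * auth',
]


class NoSuchAttribute(Exception):
    """Stands in for LDAP result code 16 in this model."""


def split_ordinal(value):
    """Return (ordinal or None, text after the {n} prefix)."""
    m = ORDINAL.match(value)
    return (int(m.group(1)), m.group(2)) if m else (None, value)


def delete_ordered(values, target):
    """Apply 'delete: <attr>' with one value to an ordered attribute.

    A bare '{n}' selects by position; anything else is matched on its text
    with the prefix ignored (a simplification of this model). The surviving
    values are renumbered from {0}.
    """
    stored = [text for _, text in sorted(split_ordinal(v) for v in values)]
    ordinal, text = split_ordinal(target)
    if ordinal is not None and text == "":
        if ordinal >= len(stored):
            # Assumption of this model: an ordinal with no value behind it
            # is reported as "no such attribute".
            raise NoSuchAttribute(target)
        del stored[ordinal]
    elif text in stored:
        stored.remove(text)
    else:
        raise NoSuchAttribute(target)
    return ["{%d}%s" % (i, v) for i, v in enumerate(stored)]


def summarize(values):
    """Show which rule is left after each single-ordinal delete."""
    return {t: delete_ordered(values, t) for t in ("{0}", "{1}")}
```

In this model a delete of `{1}` leaves the peername.ip rule in place and drops the dn.regex rule, which is why the ordinal in the LDIF matters when the goal is to lift the IP restriction.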