Hi,
This might be more of an Apache Directory Studio question, so please forgive me...
I'm using Apache Directory studio to edit cn=config and I have some lines like this:
olcAccess: {0}to attrs=foo by <stuff>
olcAccess: {1}to attrs=bar by <stuff>
olcAccess: {2}to attrs=booboo <stuff>
olcAccess: {3}to * by <stuff> read
Order is important in these - so how do I add a value between {1} and {2}, for example? If I add olcAccess: to mailattr by <stuff> read then it goes in as olcAccess: {4} and as I understand ACLs it will never get it because the preceding * will match first, right?
- Aaron
---
Aaron Bennett
Manager of Systems Administration
Clark University ITS
Aaron Bennett wrote:
Hi,
This might be more of an Apache Directory Studio question, so please forgive me…
I’m using Apache Directory studio to edit cn=config and I have some lines like this:
olcAccess: {0}to attrs=foo by <stuff>
olcAccess: {1}to attrs=bar by <stuff>
olcAccess: {2}to attrs=booboo <stuff>
olcAccess: {3}to * by <stuff> read
Order is important in these – so how do I add a value between {1} and {2}, for example?
Read draft-chu-ldap-xordered-xx.txt
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=doc/drafts;...
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Thursday, September 13, 2012 3:51 AM
To: Aaron Bennett
Cc: openldap-technical@openldap.org
Subject: Re: insert an olcAccess line in cn=config?
Read draft-chu-ldap-xordered-xx.txt
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=tree;f=doc/drafts;...
Thanks, Howard. That's good stuff.
I decided to take Apache Directory Studio out of the picture...
dn: olcDatabase={1}bdb,cn=config
add:
olcAccess: {9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read by users read by self read by * none
What I get when I try to ldapadd it is:
$ ldapadd -v -H ldaps://testanimal.clarku.edu -x -D "cn=config" -W -f ldif.ldif
ldap_initialize( ldaps://testanimal.clarku.edu:636/??base )
add add:
add olcAccess:
{9}to uid by dn.subtree="ou=MyOU,ou=AnotherOU,dc=foo,dc=org" write by dn.base="cn=role, ou=AnotherOU,dc=foo,dc=org " write by dn.base="cn=anotherrole, ou=AnotherOU,dc=foo,dc=org " read by peername.ip="192.168.0.0%255.255.0.0" read by peername.ip="10.0.0.0%255.0.0.0" read by peername.ip="127.0.0.1" read by users read by self read by * none
adding new entry "olcDatabase={1}bdb,cn=config"
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined
I know I'm missing something simple... thanks for your time.
-Aaron
To add an entry between {1} and {2}, add the new entry as {2}. OpenLDAP will bump {2} and {3} down a number and let the new entry become {2}.
Sent: Wed Sep 12 2012 16:45:13 GMT-0400 (EDT)
From: Aaron Bennett <abennett@clarku.edu>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Subject: insert an olcAccess line in cn=config?
Hi,
This might be more of an Apache Directory Studio question, so please forgive me...
I'm using Apache Directory studio to edit cn=config and I have some lines like this:
olcAccess: {0}to attrs=foo by <stuff>
olcAccess: {1}to attrs=bar by <stuff>
olcAccess: {2}to attrs=booboo <stuff>
olcAccess: {3}to * by <stuff> read
Order is important in these -- so how do I add a value between {1} and {2}, for example? If I add olcAccess: to mailattr by <stuff> read then it goes in as olcAccess: {4} and as I understand ACLs it will never get it because the preceding * will match first, right?
-Aaron
Aaron Bennett
Manager of Systems Administration
Clark University ITS
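
The ordering behaviour discussed in this thread, as an added example that is not part of any poster's message and is not OpenLDAP code: a simplified Python model of ordered-value insertion and first-match ACL selection, plus the modify-style LDIF that carries such an insert. The rule texts, the "mail" attribute, the "by users read" clauses and the helper names are constructed assumptions, and the matcher only understands "to *" and "to attrs=...".

```python
import re

# Constructed sample mirroring the thread's four rules ("by" clauses are placeholders).
ACLS = [
    "{0}to attrs=foo by users read",
    "{1}to attrs=bar by users read",
    "{2}to attrs=booboo by users read",
    "{3}to * by users read",
]

PREFIX = re.compile(r"^\{(\d+)\}")

def insert_ordered(values, new):
    """Add `new` to an ordered attribute: a {n} prefix inserts at position n
    and later values shift down; no prefix appends at the end.
    An index past the end is clamped (assumption of this model)."""
    bare = [PREFIX.sub("", v) for v in values]
    m = PREFIX.match(new)
    pos = min(int(m.group(1)), len(bare)) if m else len(bare)
    bare.insert(pos, PREFIX.sub("", new))
    return ["{%d}%s" % (i, v) for i, v in enumerate(bare)]

def first_match(values, attr):
    """Index of the first rule whose <what> covers `attr`; rules after it
    are never consulted for that attribute."""
    for i, v in enumerate(values):
        what = PREFIX.sub("", v).split(" by ")[0][len("to "):].strip()
        if what == "*":
            return i
        if what.startswith("attrs=") and attr in what[len("attrs="):].split(","):
            return i
    return None

def modify_ldif(dn, value):
    """LDIF for a modify operation that adds one olcAccess value."""
    return "dn: %s\nchangetype: modify\nadd: olcAccess\nolcAccess: %s\n" % (dn, value)

# Without a prefix the rule lands after "to *" and is shadowed by it.
appended = insert_ordered(ACLS, "to attrs=mail by users read")
# With {2} it takes slot 2 and the old {2} and {3} become {3} and {4}.
inserted = insert_ordered(ACLS, "{2}to attrs=mail by users read")

if __name__ == "__main__":
    print(first_match(appended, "mail"), first_match(inserted, "mail"))
    print("\n".join(inserted))
    print(modify_ldif("olcDatabase={1}bdb,cn=config", "{2}to attrs=mail by users read"))
```
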