How do I control access to operational attributes, in this case memberOf by the eponymous overlay? While I can put an index on 'memberOf' I can't seem to use it in an <attrlist> as part of an ACL:
unknown attr "memberOf" in to clause
(This is on 2.4.22 with all default settings for the memberof overlay and on a syncrepl consumer. The Changelog up to 2.4.25 does not show relevant issues from ITS, AFAICT.)
Neither the slapd.access man page, FAQ nor admin guide were of help wrt controlling access to operational attributes (but I may have overlooked something). (I also tried giving access to the 'entry' pseudo attribute, which didn't change the behaviour.)
How then are people controlling access to group memberships as provided by the memberof overlay?
cheers, -peter
Peter,
Peter Schober wrote on 06.04.2011 at 16:48:
> How do I control access to operational attributes, in this case memberOf by the eponymous overlay? While I can put an index on 'memberOf' I can't seem to use it in an <attrlist> as part of an ACL:
> unknown attr "memberOf" in to clause
I didn't try, but is the overlay initialised before the acl or after in your config?
Marc
Hi Marc,
* Marc Patermann hans.moser@ofd-z.niedersachsen.de [2011-04-12 15:32]:
> Peter Schober wrote on 06.04.2011 at 16:48:
>> How do I control access to operational attributes, in this case memberOf by the eponymous overlay? While I can put an index on 'memberOf' I can't seem to use it in an <attrlist> as part of an ACL:
>> unknown attr "memberOf" in to clause
> I didn't try, but is the overlay initialised before the acl or after in your config?
Oh my, thanks. Pretty obvious, one might think. :)
I still don't get the opattr returned when asking but this is now probably due to my acls, which I initially wrote maybe 5 years ago (and only adjusted deprecated syntax for newer slapd releases) and will need to dig through. -peter
openldap-technical@openldap.org
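
The ordering problem resolved in this thread can be checked mechanically before slapd is restarted. The following is an added example, not code from the thread or from OpenLDAP: it scans slapd.conf text and reports every `access to` directive that names `memberOf` before the memberof overlay has appeared. The two config fragments are constructed, and treating either a `moduleload` or an `overlay` line as the point where the attribute becomes known is an assumption, since the thread does not say which one mattered.

```python
import re

# Constructed slapd.conf fragments for illustration (not from the thread).
BAD_CONF = """\
database hdb
suffix "dc=example,dc=org"
access to attrs=memberOf
    by users read
    by * none
overlay memberof
"""

GOOD_CONF = """\
moduleload memberof.la
database hdb
suffix "dc=example,dc=org"
overlay memberof
access to dn.subtree="ou=people,dc=example,dc=org" attrs=cn,memberOf
    by users read
    by * none
"""

# Assumption: either directive makes the overlay's schema known to the parser.
OVERLAY_RE = re.compile(r"^(moduleload|overlay)\s+(\S*/)?memberof(\.\w+)?\s*$", re.I)
ATTRS_RE = re.compile(r"\battrs?=(\S+)", re.I)

def logical_lines(text):
    """Yield (first_line_no, directive); lines starting with whitespace
    continue the previous directive, '#' lines and blank lines are skipped."""
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0].isspace() and current:
            current[1] += " " + raw.strip()
        else:
            if current:
                yield tuple(current)
            current = [no, raw.strip()]
    if current:
        yield tuple(current)

def memberof_acl_order_issues(text):
    """Return line numbers of ACLs that use memberOf before the overlay."""
    overlay_seen, issues = False, []
    for no, line in logical_lines(text):
        if OVERLAY_RE.match(line):
            overlay_seen = True
        elif line.lower().startswith("access to"):
            m = ATTRS_RE.search(line)
            attrs = m.group(1).lower().split(",") if m else []
            if "memberof" in attrs and not overlay_seen:
                issues.append(no)
    return issues
```

An ACL that passes this check can still withhold the attribute from a given client; the check covers only the ordering that produces the "unknown attr" parse error.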