Somewhere along the way I've discovered that somehow my olcDatabase={1}hdb.ldif is missing "olcAccess:" for samba* entries. To fix this I wanted to update using ldapmodify and the following ldif:
----- modify.ldif ------------ dn: olcDatabase={1}hdb,cn=config changetype: modify delete: olcAccess olcAccess: {0} - add: olcAccess olcAccess: {0} to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=domain,dc=tld" write by anonymous auth by self write by * none - ----- modify.ldif ------------
The "olcAccess: {0}...." contents all being on one line. (adding via: ldapmodify -x -D "cn=admin,dc=domain,dc=tld" -W -f modify.ldif)
But manually looking at my current olcDatabase={1}hdb.ldif I see that somehow the current "olcAccess: {0}" entry that I want to update has been split into two lines, as follows:
----- oldAccess: {0} ------------ olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou s auth by dn="cn=admin,dc=frontline" write by * none ----- oldAccess: {0} ------------
As this is a live system at the moment, is there any way, other than stopping slapd and manually viming olcDatabase={1}hdb.ldif to fix the split line and add the samba* entries?
For what it's worth: OS: Ubuntu 11.04 OpenLDAP 2.4.23 Samba: 3.5.8
t.i.a
Jan
--On Thursday, October 13, 2011 10:37 PM +0100 Jan Geep g33plm@gmail.com wrote:
But manually looking at my current olcDatabase={1}hdb.ldif I see that somehow the current "olcAccess: {0}" entry that I want to update has been split into two lines, as follows:
----- oldAccess: {0} ------------ olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou s auth by dn="cn=admin,dc=frontline" write by * none
I would suggest you go and read the LDIF specification, so you can realize this is not a bug nor a problem.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org