Hello list,

I am simply trying to add an olcAccess entry to the config backend.
Here are the file contents:

dn: olcDatabase={1}hdb,cn=config
changeType: modify
add: olcAccess
olcAccess: to dn.subtree="ou=public,ou=addressbook,dc=example,dc=com" by users write

What I get after adding this to the backend is:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=a
 dmin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
olcAccess:: ezN9dG8gZG4uc3VidHJlZT0ib3U9cHVibGljLG91PWFkZHJlc3Nib29rLGRjPWtva2
 VsbmV0LGRjPWRlIiBieSAqIHdyaXRlIA==

What's going on here? What did I do wrong? I don't get it yet. Please help me.

Regards,
Tobias Hachmer
Hi Tobias,
It looks like it's simply base64 encoded. Did you have any trailing whitespace after your olcAccess entry? As far as I'm aware the rule will still be processed correctly although I'm happy to be corrected if this isn't the case.
Cheers,
Mark
Tobias:

Can you post the detailed steps you used to add the olcAccess? Did you edit the ldif file directly and then restart slapd, or did you use the ldapmodify utility?

Yan
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Tobias Hachmer
Sent: Saturday, September 22, 2012 8:47 AM
To: openldap-technical@openldap.org
Subject: Problem with olcAccess
On 24.09.2012 17:23, Yan Gong wrote:
> Can you post the detailed steps you used to add the olcAccess? Did you edit the ldif file directly and then restart slapd, or did you use the ldapmodify utility?

Thanks for your replies. Mark, you're right, it was base64 encoded because of a trailing whitespace in my ldif file that I added via ldapmodify.

Problem solved, thanks again.

Regards,
Tobias Hachmer
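
The cause confirmed in this thread, as an added example (not code from any poster or from OpenLDAP): under the RFC 2849 rules an LDIF writer emits `attr:: <base64>` when a value ends in a space. The sample change files and stored entry are constructed from the rule quoted above; `unfold`, `why_base64` and `audit` are hypothetical helper names.

```python
import base64

def unfold(ldif):
    """Join RFC 2849 continuation lines (each starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def why_base64(value):
    """Reason an LDIF writer must emit 'attr:: <base64>' for value, else None."""
    if value.endswith(" "):
        return "trailing space"
    if value[:1] in (" ", ":", "<"):
        return "unsafe first character"
    if any(ord(c) > 127 or c in "\0\r\n" for c in value):
        return "non-ASCII or control character"
    return None

def audit(ldif, attr="olcAccess"):
    """Return (decoded value, reason or None) for every `attr` line."""
    found = []
    for line in unfold(ldif):
        name, _, rest = line.partition(":")
        if name.lower() != attr.lower():
            continue
        if rest.startswith(":"):   # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:                      # 'attr: value': leading spaces dropped, trailing kept
            value = rest.lstrip(" ")
        found.append((value, why_base64(value)))
    return found

# Constructed sample: the rule from the post, with and without a trailing space.
RULE = 'to dn.subtree="ou=public,ou=addressbook,dc=example,dc=com" by users write'
HEADER = "dn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcAccess\n"
BAD_CHANGE = HEADER + "olcAccess: " + RULE + " \n"
GOOD_CHANGE = HEADER + "olcAccess: " + RULE + "\n"

# What a reader of cn=config would see for the bad value: base64, folded at 76 columns.
_line = "olcAccess:: " + base64.b64encode(("{3}" + RULE + " ").encode()).decode()
STORED = _line[:76] + "\n " + _line[76:] + "\n"

if __name__ == "__main__":
    for label, text in (("bad", BAD_CHANGE), ("good", GOOD_CHANGE), ("stored", STORED)):
        print(label, audit(text))
```

Running `audit` over a change file before passing it to ldapmodify catches the trailing space while it is still easy to see.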
--On Monday, September 24, 2012 6:00 PM +0200 Tobias Hachmer lists@kokelnet.de wrote:

> On 24.09.2012 17:23, Yan Gong wrote:
>> Can you post the detailed steps you used to add the olcAccess? Did you edit the ldif file directly and then restart slapd, or did you use the ldapmodify utility?
>
> Thanks for your replies. Mark, you're right, it was base64 encoded because of a trailing whitespace in my ldif file that I added via ldapmodify.

Again, your ACL will never be evaluated. See my reply.

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
--On Saturday, September 22, 2012 2:47 PM +0200 Tobias Hachmer lists@kokelnet.de wrote:

> Hello list,
>
> I am simply trying to add an olcAccess entry to the config backend.
> Here are the file contents:
>
> dn: olcDatabase={1}hdb,cn=config
> changeType: modify
> add: olcAccess
> olcAccess: to dn.subtree="ou=public,ou=addressbook,dc=example,dc=com" by users write
>
> What I get after adding this to the backend is:
>
> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=a
>  dmin,dc=example,dc=com" write by * none
> olcAccess: {1}to dn.base="" by * read
> olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
> olcAccess:: ezN9dG8gZG4uc3VidHJlZT0ib3U9cHVibGljLG91PWFkZHJlc3Nib29rLGRjPWtva2
>  VsbmV0LGRjPWRlIiBieSAqIHdyaXRlIA==
>
> What's going on here? What did I do wrong? I don't get it yet. Please help me.

Your ACL will never be applied, as it comes after {2}, which covers "*".
You should have made it:
olcAccess: {1}to dn.subtree="..........."
--Quanah
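
The ordering point made in the reply above, as an added example (not code from the thread or from OpenLDAP): slapd stops at the first rule whose `to` clause matches, so a rule placed after `to *` is unreachable unless that rule uses a `break` control. `insert_rule`, `target` and `shadowed` are hypothetical helpers that model the `{n}` ordering prefix; the rules are the ones quoted in the thread.

```python
import re

ORDER = re.compile(r"^\{(\d+)\}")

def insert_rule(rules, new_rule):
    """Model ordered olcAccess values: '{n}rule' inserts at n, no prefix appends."""
    bare = [ORDER.sub("", r) for r in rules]
    m = ORDER.match(new_rule)
    pos = min(int(m.group(1)), len(bare)) if m else len(bare)
    bare.insert(pos, ORDER.sub("", new_rule))
    # Every value is renumbered after the insert, as in the stored entry.
    return ["{%d}%s" % (i, r) for i, r in enumerate(bare)]

def target(rule):
    """Return the <what> part of 'to <what> by ...'."""
    body = ORDER.sub("", rule).strip()
    m = re.match(r"to\s+(.*?)\s+by\s", body)
    return m.group(1) if m else body

def shadowed(rules):
    """Rules placed after a catch-all 'to *' rule that has no 'break' control."""
    hidden, catch_all_seen = [], False
    for rule in rules:
        if catch_all_seen:
            hidden.append(rule)
        elif target(rule) == "*" and not re.search(r"\bbreak\b", rule):
            catch_all_seen = True
    return hidden

# The three rules already present in the thread, and the one being added.
EXISTING = [
    '{0}to attrs=userPassword,shadowLastChange by self write '
    'by dn="cn=admin,dc=example,dc=com" write by * none',
    '{1}to dn.base="" by * read',
    '{2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read',
]
NEW = 'to dn.subtree="ou=public,ou=addressbook,dc=example,dc=com" by users write'

if __name__ == "__main__":
    appended = insert_rule(EXISTING, NEW)        # what the original change did
    fixed = insert_rule(EXISTING, "{1}" + NEW)   # the suggested '{1}' prefix
    print("appended, unreachable:", shadowed(appended))
    print("with {1}, unreachable:", shadowed(fixed))
    print("\n".join(fixed))
```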
On 24.09.2012 17:51, Quanah Gibson-Mount wrote:
> Your ACL will never be applied, as it comes after {2}, which covers "*".

Thanks Quanah for the hint, but I had noticed this before. I wrote my initial post on 2012-09-22. This was my first post to this list at all, so I think that's the reason my post was populated just today. In the meantime I solved my issue by myself, and also the ordering of the olcAccess entries.

Thanks again,
Tobias Hachmer
openldap-technical@openldap.org