Hi,
i have setted some limits in slapd.conf:
limits dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" time=2048 size=16384 limits dn.one="ou=people,dc=ufv,dc=br" time=4 size=1
But my log shows:
/etc/openldap/slapd.conf : line 80: deprecated "one" style "limits <pattern> <limits>" line; use "onelevel" instead.
The error message is showed only for limits definition. My access rules uses "one" and i get no complains in the log file, why?
Thanks in advance.
On Fri, Jul 08, 2011 at 10:51:45AM -0300, Friedrich Locke wrote:
i have setted some limits in slapd.conf:
limits dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" time=2048 size=16384 limits dn.one="ou=people,dc=ufv,dc=br" time=4 size=1
But my log shows:
/etc/openldap/slapd.conf : line 80: deprecated "one" style "limits <pattern> <limits>" line; use "onelevel" instead.
The error message is showed only for limits definition. My access rules uses "one" and i get no complains in the log file, why?
"one" is allowed in ACLs but it is not allowed in limits statements "onelevel" is allowed in either place. This is inconsistent, but the manpage does make clear what the rules are:
limits <selector> <limit> [<limit> [...]] Specify time and size limits based on the operation's initiator or base DN. The argument <selector> can be any of
anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern>
with
<dnspec> ::= dn[.<type>][.<style>]
<type> ::= self | this
<style> ::= exact | base | onelevel | subtree | children | regex | anonymous
Andrew
openldap-technical@openldap.org
-
Andrew Findlay -
Friedrich Locke