Hello,
I am using OpenLDAP 2.4.40 on CentOS 7.6. I tried to remove 2 ACL
entries and failed. I must have missed something, so please help me.
I now have:
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=van,dc=company,dc=com
olcRootDN: cn=Manager,dc=van,dc=company,dc=com
olcRootPW:: e1NTSEF9cEpWbEIzOEh4UXJpcjNVSUl2enZz0sm1akt4Nnd6OTk=
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
structuralObjectClass: olcHdbConfig
entryUUID: 3b7e5722-d26f-1035-8835-91213c5bb357
creatorsName: cn=config
createTimestamp: 20160629180122Z
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=van,dc=company,dc=com" write by * none
olcAccess: {1}to * by self write by dn="cn=Manager,dc=van,dc=company,dc=com" write by * read
entryCSN: 20200427230612.038641Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20200427230612Z
Then I created an LDIF file:
# cat delete_acl.ldif
dn: olcDatabase={2}hdb,cn=config

changetype: modify
delete: olcAccess
olcAccess: {0}
olcAccess: {1}
Now try to delete the ACL:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f delete_acl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
#
When I check with "slapcat -n 0" I see the 2 olcAccess entries still
exist.
Please help. Thanks.
Gao
On Mon, Apr 27, 2020 at 04:23:20PM -0700, Gao wrote:
> # cat delete_acl.ldif
> dn: olcDatabase={2}hdb,cn=config
>
> changetype: modify
> delete: olcAccess
> olcAccess: {0}
> olcAccess: {1}
Is the blank line actually part of it? Then you're making a no-op change
on that entry, plus submitting some invalid stuff (which gets ignored)
afterwards.
Delete the blank line and it ought to work.
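As an added example (not code from this thread), a small Python checker that splits an LDIF change file into records the way ldapmodify does, unfolding continuation lines, and flags the failure mode described above: a stray blank line after the dn: line produces a dn-only record (a no-op modify) followed by a record with no dn. The two LDIF strings are constructed from the file posted in the thread.

```python
# Constructed sample: the posted LDIF with the stray blank line after dn:.
BROKEN_LDIF = """dn: olcDatabase={2}hdb,cn=config

changetype: modify
delete: olcAccess
olcAccess: {0}
olcAccess: {1}
"""

# Constructed sample: the same file with the blank line removed.
FIXED_LDIF = """dn: olcDatabase={2}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
olcAccess: {1}
"""


def parse_ldif_records(text):
    """Split LDIF text into blank-line separated records.

    Continuation lines (leading single space) are joined onto the previous
    value, comment lines are skipped. Returns a list of records, each a
    list of (attribute, value) tuples.
    """
    records, current = [], []
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last record
        if raw.startswith(" ") and current:
            attr, val = current[-1]
            current[-1] = (attr, val + raw[1:])
            continue
        if raw == "":
            if current:
                records.append(current)
                current = []
            continue
        if raw.startswith("#"):
            continue
        attr, _, val = raw.partition(":")
        current.append((attr.strip(), val.strip()))
    return records


def lint_change_records(text):
    """Return problems to fix before running ldapmodify on this file."""
    problems = []
    for i, rec in enumerate(parse_ldif_records(text), 1):
        attrs = [a for a, _ in rec]
        if "dn" not in attrs:
            problems.append(f"record {i}: no dn line (text after a blank line starts a new record)")
        elif "changetype" not in attrs:
            problems.append(f"record {i}: dn without changetype or attributes (no-op)")
    return problems
```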
On 2020-04-27 16:32, Ryan Tandy wrote:
> On Mon, Apr 27, 2020 at 04:23:20PM -0700, Gao wrote:
> > # cat delete_acl.ldif
> > dn: olcDatabase={2}hdb,cn=config
> >
> > changetype: modify
> > delete: olcAccess
> > olcAccess: {0}
> > olcAccess: {1}
> Is the blank line actually part of it? Then you're making a no-op
> change on that entry, plus submitting some invalid stuff (which gets
> ignored) afterwards.
> Delete the blank line and it ought to work.
Removed the blank line and it works.
Thanks for the quick help.
Cheers,
Gao
--On Monday, April 27, 2020 5:23 PM -0700 Gao <gao(a)pztop.com> wrote:
> Hello,
> I am using OpenLDAP 2.4.40 on CentOS 7.6. I tried to remove 2 ACL entries
> and failed. I must have missed something, so please help me.
I would strongly advise updating to a current release of OpenLDAP. 2.4.40
is 5.5 years old and numerous bugs, including some deadlocks in cn=config
when doing modifications, have been fixed since that release.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>