 | | | openldap | openldap 2004-12-17 - By Craig White
Back
Trying to work things through openldap-2.0.27 and wondering if I
shouldn't just bail on the rpms from Red Hat and go with the packages by
Symas.
Anyway, I am reading through the 'Address Book Example' from
openldap.org <http://www.openldap.org/faq/data/cache/1005.html> and it
lists ACL's that include regex's that evidently aren't supported in
2.0.27
When I implement, I get an error starting ldap service...
]# service ldap start
Starting slapd: /etc/openldap/slapd.conf: line 52: unknown style
"exact,expand" in by clause
<access clause> ::= access to <what> [ by <who> <access> <control> ]+
<what> ::= * | [dn=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]
<attrlist> ::= <attr> | <attr> , <attrlist>
<attr> ::= <attrname> | entry | children
<who> ::= [ * | anonymous | users | self | dn=<regex> ]
[dnattr=<attrname>]
[group[/<objectclass>[/<attrname>]]=<regex>]
[peername=<regex>] [sockname=<regex>]
[domain=<regex>] [sockurl=<regex>]
[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<access> ::= [self]{<level>|<priv>}
<level> ::= none | auth | compare | search | read | write
<priv> ::= {=|+|-}{w|r|s|c|x}+
<control> ::= [ stop | continue | break ]
[FAILED]
and line 52 (as part of an ACL) has...
by dn.exact,expand="uid=$1,ou=People,dc=tobyhouse,dc=com" write
Is there a way that I can an 'expanding' attribute ACL such as this in
2.0.27? Is there another way that I can do this with 2.0.27? Is there a
better list that I should bring this to? They are very dismissive of
RHEL's 2.0.27 on the openldap-software@(protected) mail list.
Thanks
Craig
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|