[Freeipa-users] Getting ACL Syntax Error(-5)

Martin Basti mbasti at redhat.com
Wed Aug 31 10:06:02 UTC 2016



On 31.08.2016 11:49, Deepak Dimri wrote:
>
>
> Hi All,
>
> I am getting *ACL Syntax Error(-5)* when trying to add ACI to my 
> freeIPA server.  Any idea why I am getting this error?
>
Maybe your ACI is incorrect?

>
> This is the error I am getting:
>
>
> ldap_modify: Invalid syntax (21)
>
> *additional info: ACL Syntax 
> Error(-5)*:(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0; 
> acl \22permission:Allow admin to modify  hosts membership within  
> permitted hostgroups\22; allow (write) groupdn 
> =\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)
>
>
Can you try here, 'version3.0;', to put a space between version and number?

Otherwise it looks good to me.

> my ldif entries:
>
>
> dn: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
>
> add: aci
>
> aci: (targetattr = "userclass")(targetfilter = 
> "(objectclass=ipahost)")(version3.0;acl "permission:Allow admin to 
> modify  hosts membership within  permitted hostgroups";allow (write) 
> groupdn 
> ="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)
>
>
> Also, one general question: I should be able to view the ACI under 
> freeIPA permission tab once it gets created, correct?
>
No, you have to add a FreeIPA permission; custom ACIs are not tracked in 
webUI/CLI.

IMO it should be possible to create this permission using webUI

Martin
>
>
> Thanks & regards,
>
> Deepak
>
>
>
>
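
Added example, not part of the original thread and not FreeIPA's own code: a pre-flight lint that checks an ACI value against the documented `(target)(version 3.0; acl "name"; allow (rights) bind_rule;)` form before it is sent with ldapmodify, and flags the spacing Martin points at. The reference form, the rights list and the helper name `lint_aci` are assumptions of this example; the sample ACI is the one from the LDIF above.

```python
import re

# Reference form assumed by this lint (documented Directory Server shape):
#   (target)...(version 3.0; acl "name"; allow|deny (rights) bind_rule;)
TARGET = re.compile(r'\(\s*\w+\s*!?=\s*"(?:[^"\\]|\\.)*"\s*\)\s*')
BODY = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"[^"]*"\s*;\s*'
    r'(?:allow|deny)\s*\(([^)]*)\)\s*(.+?)\s*;\s*\)\s*$', re.I | re.S)
# Classic rights keywords (assumed list; extend if your server adds more).
RIGHTS = {"read", "write", "add", "delete", "search", "compare",
          "selfwrite", "proxy", "all"}

def lint_aci(aci):
    """Return a list of problems in one ACI value; an empty list means it fits the form."""
    problems = []
    text = " ".join(aci.split())          # undo LDIF folding and repeated spaces
    pos = 0
    while (m := TARGET.match(text, pos)):  # skip the leading (keyword = "value") targets
        pos = m.end()
    rest = text[pos:]
    if re.match(r'\(\s*version(?=\d)', rest, re.I):
        problems.append('no space between "version" and the version number')
        # Repair locally so the remainder of the block is still checked.
        rest = re.sub(r'version(?=\d)', 'version ', rest, count=1, flags=re.I)
    m = BODY.match(rest)
    if not m:
        problems.append('permission block is not '
                        '(version 3.0; acl "name"; allow (rights) bind_rule;)')
        return problems
    unknown = {r.strip().lower() for r in m.group(1).split(",")} - RIGHTS
    if unknown:
        problems.append("unrecognised rights: " + ", ".join(sorted(unknown)))
    return problems

# ACI value from the thread's LDIF, unfolded onto one logical line.
BROKEN = (
    '(targetattr = "userclass")(targetfilter = "(objectclass=ipahost)")'
    '(version3.0;acl "permission:Allow admin to modify  hosts membership '
    'within  permitted hostgroups";allow (write) groupdn ="ldap:///'
    'cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,'
    'dc=amazonaws,dc=com";)')
# Same value with the space Martin suggests.
FIXED = BROKEN.replace("(version3.0;", "(version 3.0;")

if __name__ == "__main__":
    for label, value in (("original", BROKEN), ("with space", FIXED)):
        print(label, "->", lint_aci(value) or "ok")
```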
