[Freeipa-users] The ACI reloaded !

ALAHYANE Rachid afkkir at gmail.com
Tue Jul 13 13:09:29 UTC 2010


Thank you Rob ^^ it works !

2010/7/12 Rob Crittenden <rcritten at redhat.com>

> ALAHYANE Rachid wrote:
>
>> Hi,
>>
>> I want to add an ACI to the LDAP server with aci-add and I do not know how
>> I can do it.
>>
>> The aci to add is the following :
>>
>>
>> (targetattr = "friends,blockedfriends,givenName || sn || cn || displayName
>> || title || initials || loginShell || gecos || homePhone || mobile || pager
>> || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l
>> || st || postalCode || manager || secretary || description || carLicense ||
>> labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory
>> || ou")(version 3.0;acl "My Self service";allow (write) userdn =
>> "ldap:///self";)
>>
>
> The aci plugin can't handle self bind rules yet (I created ticket #80 to
> track this).
>
> You can still add this with ldapmodify though.
>
> First you need to replace the commas in your targetattr with ||, then you
> should be able to add it with something like:
>
> ldapmodify -x -D 'cn=directory manager' -W
> dn: dc=example,dc=com
> changetype: modify
> add: aci
> aci: <your_aci>
>
> ^D
>
>
>
>> Note that I added some new target attributes (also added on the ldap
>> schema). The last time, I tried to modify an ACI, the aci entry was deleted.
>> It is for this reason that I try to add a new one.
>>
>
> What the aci plugin does in the modify case is delete the old aci and add a
> new one. The problem with the plugin wasn't shown until after the deletion,
> hence any aci you tried to modify you basically just deleted.
>
> rob
>



-- 
Meilleures salutations / Best Regards
Rachid ALAHYANE
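
Added example (not part of the original thread and not FreeIPA code): a shell helper that applies the fix described above, rewriting commas to || inside the targetattr list only, and then emits the LDIF record for ldapmodify. The function names and the shortened sample ACI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prepare an ACI for ldapmodify as described in the thread.
# Function names are hypothetical; the sample ACI below is constructed.

# Rewrite commas to " || " inside the targetattr list only. Commas elsewhere
# (for example in a bind-rule DN) must stay untouched.
normalize_targetattr() {
    printf '%s' "$1" | tr '\n' ' ' | sed -E \
        -e ':a' \
        -e 's/(\(targetattr[[:space:]]*!?=[[:space:]]*"[^",]*)[[:space:]]*,[[:space:]]*/\1 || /' \
        -e 'ta' \
        -e 's/[[:space:]]+$//'
}

# Succeeds (exit 0) when the targetattr list still contains a comma.
targetattr_has_comma() {
    printf '%s' "$1" | tr '\n' ' ' |
        grep -Eq '\(targetattr[[:space:]]*!?=[[:space:]]*"[^"]*,'
}

# Emit the LDIF modify record from the thread. $1 = entry DN, $2 = ACI text.
build_aci_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: aci\naci: %s\n' \
        "$1" "$(normalize_targetattr "$2")"
}

# Constructed sample: shortened form of the ACI in the post, wrapped as mail wraps it.
SAMPLE_ACI='(targetattr = "friends,blockedfriends,givenName || sn
|| cn")(version 3.0;acl "My Self service";allow (write) userdn =
"ldap:///self";)'

# Print the record for review before piping it to the ldapmodify command above.
build_aci_ldif 'dc=example,dc=com' "$SAMPLE_ACI"
```

Because the plugin's modify path deleted the old ACI before failing, reviewing the generated record before sending it is the safer order of operations.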