<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>







<p class="p1"><span class="s1"><br></span></p><p class="p1">Hi All,</p><p class="p1">I am getting <b style="font-size: 12pt;">ACL Syntax Error(-5) </b><span style="font-size: 12pt;">when trying to add ACI to my freeIPA server.  Any idea why i am getting this error?</span></p><p class="p1"><span style="font-size: 12pt;"><br></span></p><p class="p1"><span style="font-size: 12pt;">This is the error i am getting:</span></p><p class="p1"><br></p><p class="p1"><span class="s1">ldap_modify: Invalid syntax (21)</span></p><p class="p1">








</p><p class="p1"><span class="s1"><span class="Apple-tab-span">  </span><b>additional info: ACL Syntax Error(-5)</b>:(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0; acl \22permission:Allow admin to modify  hosts membership within  permitted hostgroups\22; allow (write) groupdn =\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)</span></p><p class="p1"><span class="s1"><br></span></p><p class="p1"><span class="s1">my ldif entries:</span></p><p class="p1"><span class="s1"><br></span></p><p class="p1"><span class="s1">dn: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com</span></p>
<p class="p1"><span class="s1">add: aci</span></p>
<p class="p1"><span class="s1">aci: (targetattr = "userclass")(targetfilter = "(objectclass=ipahost)")(version3.0;acl "permission:Allow admin to modify  hosts membership within  permitted hostgroups";allow (write) groupdn ="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)</span></p><p class="p1"><span class="s1"><br></span></p><p class="p1">Also, one general question i should be able to view the ACI under freeIPA permission tab once it gets created correct?</p><p class="p1"><br></p><p class="p1">Thanks & regards,</p><p class="p1">Deepak</p><p class="p1"><br></p>                                      </div></body>
</html>