> On 27 Nov 2019, at 03:25, Mark Reynolds <mreyno...@redhat.com> wrote:
>
>> In my OpenLDAP we have ACL policies. Is there any script available to convert
>> OpenLDAP ACL policies to 389-ds policies?
>
> There is no script that I am aware of for such things. You will need to
> recreate them manually.
>
> As for your IRC question, you cannot have a single ACI with allow and deny
> rules. You need two separate ACIs to do that. If you give us some specific
> examples we can help with the syntax, etc.

Thanks for following up Mark: 389's ACI syntax is very different to OpenLDAP so you'll probably need to redesign your access controls in the migration. We're happy to help review. In general you want allow-only rules, and it's the "lack of allow" that is a "deny".

> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
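
An added example, not part of the original thread and not from the 389 Directory Server project: the two-ACI form and the allow-only redesign discussed above, applied to one constructed OpenLDAP rule. The suffix dc=example,dc=com, the group names and the OpenLDAP rule itself are assumptions; cn=staff is a hypothetical group that the redesign requires.

```ldif
# Constructed OpenLDAP policy to migrate (slapd access syntax), for reference:
#
#   access to attrs=mobile,homePhone
#       by group.exact="cn=contractors,ou=groups,dc=example,dc=com" none
#       by users read
#
# Variant A: literal translation. Allow and deny do not share one ACI here,
# so it takes two, and the outcome depends on the deny overriding the allow
# for anyone who matches both bind rules.
# Left commented out so that applying this file installs only Variant B.
#
#dn: ou=people,dc=example,dc=com
#changetype: modify
#add: aci
#aci: (targetattr = "mobile || homePhone")(version 3.0; acl "Authenticated users read phone numbers"; allow (read, search, compare) userdn = "ldap:///all";)
#aci: (targetattr = "mobile || homePhone")(version 3.0; acl "Contractors denied phone numbers"; deny (read, search, compare) groupdn = "ldap:///cn=contractors,ou=groups,dc=example,dc=com";)

# Variant B: allow-only redesign. Only members of the (hypothetical) staff
# group are granted access. Contractors, anonymous binds and everyone else
# match no allow rule, and that absence is the deny.
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "mobile || homePhone")(version 3.0; acl "Staff read phone numbers"; allow (read, search, compare) groupdn = "ldap:///cn=staff,ou=groups,dc=example,dc=com";)
```

Variant B is not a drop-in equivalent of the OpenLDAP rule: it depends on maintaining a staff group rather than a contractors exclusion list, which is the kind of redesign the reply refers to.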