ALAHYANE Rachid wrote:
> I want to add an ACI to the ldap server with aci-add and I do not know
> how I can do it.
> The aci to add is the following:
> (targetattr = "friends,blockedfriends,givenName || sn || cn ||
> displayName || title || initials || loginShell || gecos || homePhone ||
> mobile || pager || facsimileTelephoneNumber || telephoneNumber || street
> || roomNumber || l || st || postalCode || manager || secretary ||
> description || carLicense || labeledURI || inetUserHTTPURL || seeAlso ||
> employeeType || businessCategory || ou")(version 3.0;acl "My Self
> service";allow (write) userdn = "ldap:///self";)

The aci plugin can't handle self bind rules yet (I created ticket #80 to
You can still add this with ldapmodify though.
First you need to replace the commas in your targetattr with ||, then
you should be able to add it with something like:
ldapmodify -x -D 'cn=directory manager' -W

> Note that I added some new target attributes (also added to the ldap
> schema). The last time I tried to modify an ACI, the aci entry was
> deleted. It is for this reason that I try to add a new one.

What the aci plugin does in the modify case is delete the old aci and
add a new one. The problem with the plugin wasn't shown until after the
deletion, hence any aci you tried to modify you basically just deleted.
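
An added example (not from the thread and not FreeIPA's own code) of the ldapmodify route described above: it rewrites the commas in targetattr to || and builds the LDIF to pipe into `ldapmodify -x -D 'cn=directory manager' -W`. It goes slightly beyond the thread by optionally putting the removal of an old ACI value in the same modify record as the add. The entry DN dc=example,dc=com and the function names are assumptions.

```python
import re

# Matches the targetattr keyword and its quoted attribute list.
_TARGETATTR = re.compile(r'(targetattr\s*!?=\s*")([^"]*)(")')


def normalize_aci(aci):
    """Collapse mail line wraps and join targetattr names with ' || '."""
    aci = " ".join(aci.split())

    def fix(match):
        names = [n.strip() for n in re.split(r",|\|\|", match.group(2))]
        names = [n for n in names if n]
        return match.group(1) + " || ".join(names) + match.group(3)

    # count=1: only the targetattr list is touched, never DNs in bind rules.
    fixed, count = _TARGETATTR.subn(fix, aci, count=1)
    if count == 0:
        raise ValueError("no targetattr clause found")
    if fixed.count("(") != fixed.count(")") or fixed.count('"') % 2:
        raise ValueError("unbalanced parentheses or quotes in ACI")
    return fixed


def build_ldif(dn, new_aci, old_aci=None):
    """Return one LDIF modify record that adds new_aci to dn.

    If old_aci is given, its removal goes in the same record, so the server
    applies delete and add as a single modify operation: if the add is
    rejected, the old value is not removed.
    """
    lines = ["dn: " + dn, "changetype: modify"]
    if old_aci is not None:
        # old_aci must be the value exactly as stored in the directory.
        lines += ["delete: aci", "aci: " + old_aci, "-"]
    lines += ["add: aci", "aci: " + normalize_aci(new_aci), ""]
    return "\n".join(lines) + "\n"


# Constructed sample: a shortened form of the ACI quoted in the thread.
SAMPLE_ACI = '''(targetattr = "friends,blockedfriends,givenName || sn ||
cn")(version 3.0;acl "My Self service";allow (write) userdn = "ldap:///self";)'''

if __name__ == "__main__":
    # dc=example,dc=com is a placeholder entry DN, not taken from the thread.
    print(build_ldif("dc=example,dc=com", SAMPLE_ACI), end="")
```
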