Thank you Rob ^^ it works!

2010/7/12 Rob Crittenden <rcrit...@redhat.com>

> ALAHYANE Rachid wrote:
>
>> Hi,
>>
>> I want to add an ACI to the ldap server with the aci-add and I do not know
>> how I can do it.
>>
>> The aci to add is the following:
>>
>> (targetattr = "friends,blockedfriends,givenName || sn || cn || displayName
>> || title || initials || loginShell || gecos || homePhone || mobile || pager
>> || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l
>> || st || postalCode || manager || secretary || description || carLicense ||
>> labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory
>> || ou")(version 3.0;acl "My Self service";allow (write) userdn =
>> "ldap:///self";)
>>
>
> The aci plugin can't handle self bind rules yet (I created ticket #80 to
> track this).
>
> You can still add this with ldapmodify though.
>
> First you need to replace the commas in your targetattr with ||, then you
> should be able to add it with something like:
>
> ldapmodify -x -D 'cn=directory manager' -W
> dn: dc=example,dc=com
> changetype: modify
> add: aci
> aci: <your_aci>
>
> ^D
>
>> Note that I added some new target attributes (also added on the ldap
>> schema). The last time I tried to modify an ACI, the aci entry was deleted.
>> It is for this reason that I try to add a new one.
>>
>
> What the aci plugin does in the modify case is delete the old aci and add a
> new one. The problem with the plugin wasn't shown until after the deletion,
> hence any aci you tried to modify you basically just deleted.
>
> rob
>

--
Meilleures salutations / Best Regards
Rachid ALAHYANE
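The fix described in the reply above, as an added example that is not part of the original thread: it rewrites the commas to `||` only inside the `targetattr` value, so DNs elsewhere in the ACI keep their commas, and prints the LDIF to pipe into the `ldapmodify` command quoted above. The function names `fix_targetattr` and `aci_ldif` are hypothetical, and the sample ACI is a shortened, constructed version of the one in the thread.

```shell
#!/bin/sh
# Added example; fix_targetattr and aci_ldif are hypothetical helper names.

# Rewrite commas to " || " inside the targetattr value only. A blind
# s/,/||/g would also mangle DNs elsewhere in the ACI (target, userdn).
fix_targetattr() {
    printf '%s\n' "$1" | sed -E \
        -e ':a' \
        -e 's/(\(targetattr *!?= *"[^",]*[^", ]) *, */\1 || /' \
        -e 'ta'
}

# Emit the modify LDIF that adds ACI $2 to entry $1.
# Fails if a comma survives in targetattr (for example an empty list item).
aci_ldif() {
    fixed=$(fix_targetattr "$2")
    if printf '%s\n' "$fixed" | grep -Eq '\(targetattr *!?= *"[^"]*,'; then
        echo "targetattr still contains a comma, fix it by hand" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nadd: aci\naci: %s\n' "$1" "$fixed"
}

# Constructed sample, shortened from the ACI posted in the thread.
SAMPLE_ACI='(targetattr = "friends,blockedfriends,givenName || sn")(version 3.0;acl "My Self service";allow (write) userdn = "ldap:///self";)'

# Print the LDIF for review. To apply it:
#   aci_ldif 'dc=example,dc=com' "$SAMPLE_ACI" | ldapmodify -x -D 'cn=directory manager' -W
aci_ldif 'dc=example,dc=com' "$SAMPLE_ACI"
```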