Thank you Rob ^^ it works !
2010/7/12 Rob Crittenden <rcrit...@redhat.com>
> ALAHYANE Rachid wrote:
>> I want to add an ACI to the ldap server with the aci-add and i do not how
>> can I do it ?
>> The aci to add is the following :
>> (targetattr = "friends,blockedfriends,givenName || sn || cn || displayName
>> || title || initials || loginShell || gecos || homePhone || mobile || pager
>> || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l
>> || st || postalCode || manager || secretary || description || carLicense ||
>> labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory
>> || ou")(version 3.0;acl "My Self service";allow (write) userdn =
> The aci plugin can't handle self bind rules yet (I created ticket #80 to
> track this).
> You can still add this with ldapmodify though.
> First you need to replace the comma's in your targetattr with ||, then you
> should be able to add it with something like:
> ldapmodify -x -D 'cn=directory manager' -W
> dn: dc=example,dc=com
> changetype: modify
> add: aci
> aci: <your_aci>
>> Note that I added some new target attributes (also added on the ldap
>> schema). The last time, I tried to modify an ACI, the aci entry was deleted.
>> It is for this reason that i try to add a new one.
> What the aci plugin does in the modify case is delete the old aci and add a
> new one. The problem with the plugin wasn't shown until after the deletion,
> hence any aci you tried to modify you basically just deleted.
Meilleures salutations / Best Regards
Freeipa-users mailing list