Bogdan Rudas wrote:
> Hello all,
> 
> I would like to start using olcAccess rules; is there a
> human-friendly editor for those ACLs?
Use any editor you wish. It is just text!

> I can't even use line breaks in ldif file to make my restrictions a
> bit more readable!
One can use line breaks, no problem. But understanding ldif file
syntax is important.

Often one has very long lines in ldif files.

A standard terminal has a width of 80 characters. Longer lines get
broken at character 78. Character 79 is a newline "\n", character 80
is one space " ". So the output you get looks like this:

line no   text
1         "78 bytes" + "\n"
2         "one space" + "next 78 bytes" + "\n"
3         "one space" + "next 78 bytes" + "\n"

This happens during an ldapsearch operation. If you upload this
ldif to an ldapserver these two bytes "\n " will be removed.

Conclusion:
One may add a newline to an ldif file by adding two characters
"\n + space". You may add as many newlines as you wish.

i.e.

open
 l
 a
 p

becomes "openlap" after upload.

open
  l
  a
 p

becomes "open l ap" after upload

> I strongly dislike very long string values, one
> day this will cause mistake and access violation.
> 
> I've tried with Apache DS, ldif import and a few puppet modules,
> everything requires huge line ACL.
No, not really. They just require properly formatted ldif input.
man ldif, section "ENTRY RECORD EXAMPLE", attribute jpegPhoto

> Any help will be welcome.
read this thread:
http://www.openldap.org/lists/openldap-technical/201402/threads.html#00105

here is a small filter which may help you:

# cat $(which fmt_olcAccess)

#!/bin/sed -rf
# Author: Harry Jede
# produce human readable but still machine parseable
# olcAccess lines and removes the ordering numbers in {}
# because humans don't need them, really.

# the whole script
s/^(olcAccess: )\{[[:digit:]]+\}(.*$)/\1\2/
$!{H;d}
${H;g;s/\n //g;s/[[:space:]]+by /\n  by /g}

"info sed" explains the commands.
In short:
line 1: removes the ordering numbers
line 2: concatenates all lines into the hold buffer
line 3: moves the hold buffer back to the pattern buffer
        s/\n //g deletes any occurrence of "\n "
        finally search for " by" and add an
        ldif line break in front of " by"
-- 

Harry Jede
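
The folding rule described in this message can be checked before an upload. The following is an added example, not part of the original post or of the fmt_olcAccess filter: it unfolds a hand-folded olcAccess value the way the server does and compares it with the one-line form. The function names and the sample ACL are constructed for illustration, and the value is assumed to be plain text (not a base64 "olcAccess::" value).

```shell
#!/bin/sh
# Added example: check that a hand-folded olcAccess value is unchanged
# once every "\n " pair is stripped on upload.

# Join LDIF continuation lines: a line starting with one space continues
# the previous line, and that first space is dropped.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1         { print buf }
                        { buf = $0 }
         END            { if (NR) print buf }'
}

# Break before every " by " clause. The inserted line starts with two
# spaces: the first is the continuation marker, the second is the real
# space that separates the clauses.
acl_fold() {
    sed 's/ by /\
  by /g'
}

# Succeed only if both inputs unfold to the same logical lines.
same_value() {
    [ "$(printf '%s\n' "$1" | ldif_unfold)" = "$(printf '%s\n' "$2" | ldif_unfold)" ]
}

# Constructed sample ACL, not taken from a real server.
ACL='olcAccess: to attrs=userPassword by self write by anonymous auth by * none'

GOOD=$(printf '%s\n' "$ACL" | acl_fold)

# Same layout typed with only ONE leading space: unfolding swallows the
# clause separator ("userPasswordby self ..."), so the rule is altered.
BAD=$(printf '%s\n' "$ACL" | sed 's/ by /\
 by /g')

if same_value "$ACL" "$GOOD"; then echo "two-space fold: value preserved"; fi
if ! same_value "$ACL" "$BAD"; then echo "one-space fold: value CHANGED"; fi
```

Running same_value on the edited file against the original one-line export shows whether an edit only moved line breaks or actually changed the ACL text.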
