On Tue, Jan 12, 2016 at 2:12 PM, Howard Chu <[email protected]> wrote:

> [email protected] wrote:
>
>>
>> On Jan 12, 2016, at 13.02, Katherine Faella <[email protected]> wrote:
>>>
>>> For the life of me I can not figure out the syntax for performing this.
>>> Here is my snippet of config.ldif:
>>>
>>>
>>> dn: olcDatabase={1}hdb,cn=config
>>> objectClass: olcDatabaseConfig
>>> objectClass: olcHdbConfig
>>> olcDatabase: {1}hdb
>>> olcSuffix: dc=sakai,dc=uri,dc=edu
>>> olcAccess: {0}to *  by peername.ip="131.128.1.0%255.255.255.0" +0 break  by
>>>   peername.ip="131.128.122.0%255.255.255.0" +0 break  by peername.ip="158.123
>>>   .255.8%255.255.255.248" +0 break  by peername.ip="127.0.0.1" +0 break
>>> olcAccess: {1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$"
>>>   read  by * auth
>>> olcAddContentAcl: FALSE
>>> olcLastMod: TRUE
>>> olcMaxDerefDepth: 15
>>> olcReadOnly: FALSE
>>> olcRootDN: cn=Manager,dc=sakai,dc=uri,dc=edu
>>> .....
>>>
>>> I need to remove the olcAccess {0} as we need to access this server from
>>> new ips.  We are using a firewall to protect the server going forward.
>>>
>>> I have created the file removeips containing:
>>>
>>> dn: olcDatabase={1}hdb,cn=config
>>> changetype: modify
>>> delete: olcAccess
>>> olcAccess: {1}
>>>
>>
>> there is no olcaccess attribute with a value of "{1}".
>>
>
> That is not relevant. The ordered values syntax allows modifications of
> this form. https://tools.ietf.org/html/draft-chu-ldap-xordered-00
>
>> additionally, if you wish to delete the attribute whose value starts with
>> {0}, i'm not sure why you're specifying the attribute whose value starts
>> with {1} in your ldif.
>>
>
> Yes, that's the better question.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/



The olcAccess: {1} was a typo.  My removeips file contains:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}

I am running the modify with:

ldapmodify -W -x -h antons.uri.edu -D "cn=admin,cn=config" -f /root/ldapscripts/removeips
Enter LDAP Password:
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: No such attribute (16)
additional info: modify/delete: olcAccess: no such attribute

Which is where I am having trouble.  I believe that deleting the {0}
element should keep the {1} and move it up to the correct position.


-- 
Katherine Faella                                     tel: (401) 874-4469
Senior Technical Programmer                  [email protected]
University of Rhode Island
University Computing Systems(UCS)
210 Flagg Road
Kingston, Rhode Island
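
An added example, not part of the original thread and not OpenLDAP's own code: a pre-flight check that unfolds an entry's LDIF, lists which ordering prefixes olcAccess actually carries, models deleting one value by prefix with renumbering as the ordered-values draft cited above describes, and builds the change record. The sample entry is constructed from the thread's values (shortened), and all function names are hypothetical.

```python
import re

# Constructed sample: LDIF as a search of cn=config might return it for the
# entry in this thread (ACL shortened; long lines folded with a leading space).
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcAccess: {0}to *  by peername.ip="131.128.1.0%255.255.255.0" +0 break  by
  peername.ip="127.0.0.1" +0 break
olcAccess: {1}to *  by dn.regex="^URIEduauthid=.+,dc=sakai,dc=uri,dc=edu$$"
   read  by * auth
"""

ORDERED = re.compile(r"^\{(\d+)\}(.*)$", re.S)

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\n ", "", ldif)

def ordered_values(ldif, attr="olcAccess"):
    """Return {index: value} for the values of an ordered attribute."""
    out = {}
    for line in unfold(ldif).splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.lower() == attr.lower():
            m = ORDERED.match(value)
            if m:
                out[int(m.group(1))] = m.group(2)
    return out

def delete_by_index(values, index):
    """Model the delete: drop one value, renumber the rest from 0."""
    if index not in values:
        # The case a server reports as noSuchAttribute (16).
        raise KeyError(f"no value with prefix {{{index}}}")
    kept = [v for i, v in sorted(values.items()) if i != index]
    return dict(enumerate(kept))

def delete_ldif(dn, index, attr="olcAccess"):
    """Change record that names the value by its ordering prefix only."""
    return f"dn: {dn}\nchangetype: modify\ndelete: {attr}\n{attr}: {{{index}}}\n"

if __name__ == "__main__":
    acls = ordered_values(SAMPLE_LDIF)
    print("prefixes present:", sorted(acls))
    print("after deleting {0}:", delete_by_index(acls, 0))
    print(delete_ldif("olcDatabase={1}hdb,cn=config", 0), end="")
```

Running the same listing against the live entry before the modify shows whether the prefix named in the change record is actually present on that entry.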
