Hi all,

In /etc/openldap/slapd.conf I have this ACL and it works:

access to dn.subtree="ou=users,dc=domain"
    by group/groupofuniquenames/uniquemember="cn=partner,ou=groups,dc=domain" write
    by users read  

When I configure it in the OpenSuSE 11.1 Yast2 LDAP server configuration, it generates the file /etc/openldap/slap.d/cn=config/olcDatabase={1}bdb.ldif with this ACL:

olcAccess: {3}to dn.subtree="ou=users,dc=domain" by  group="cn=partner,ou=groups,dc=domain" manage  

How can I change it from "by group" to "by group/groupofuniquenames/uniquemember" like in slapd.conf?

thanks, Al

A: 

Got it! I have changed the by group clause to by group/groupofuniquenames/uniquemember in that file, olcDatabase={1}bdb.ldif. The server must be started from yast2 (service ldap restart does not work even without this change - it's strange!). Yast2 configuration is then disabled because the yast ldap module doesn't know the group/groupofuniquenames/uniquemember access control rule. But LDAP works correctly.

bye

Ales
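The difference between the two rules in this thread matters because a bare `by group=` clause makes slapd test membership using objectClass groupOfNames and attribute member, so a groupOfUniqueNames group never matches it. The following check is an added example, not code from the original posts; the function names are hypothetical, the sample LDIF is constructed from the two ACLs quoted above, and it assumes the partner group is a groupOfUniqueNames entry.

```python
import re

# slapd.access(5) defaults for a "by group" clause with no objectClass/attribute.
DEFAULT_OC, DEFAULT_ATTR = "groupOfNames", "member"

# by group[/objectclass[/attribute]][.style]=<dn>
GROUP_RE = re.compile(
    r'\bby\s+group(?:/(?P<oc>[\w-]+)(?:/(?P<attr>[\w-]+))?)?(?:\.\w+)?'
    r'=(?:"(?P<q>[^"]*)"|(?P<u>\S+))', re.IGNORECASE)

# Constructed sample: {3} is the YaST-generated rule from the question, {4} is the
# slapd.conf rule written as a folded LDIF value (the index {4} is made up).
SAMPLE = '''dn: olcDatabase={1}bdb
olcAccess: {3}to dn.subtree="ou=users,dc=domain" by  group="cn=partner,ou=groups,dc=domain" manage
olcAccess: {4}to dn.subtree="ou=users,dc=domain"
  by group/groupofuniquenames/uniquemember="cn=partner,ou=groups,dc=domain" write by users read
'''

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space continues the previous)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def group_clauses(ldif_text):
    """Return (rule index, group DN, objectClass, member attribute) per 'by group' clause."""
    found = []
    for line in unfold(ldif_text):
        rule = re.match(r'olcAccess:\s*\{(\d+)\}(.*)', line)
        if not rule:
            continue
        for g in GROUP_RE.finditer(rule.group(2)):
            found.append((int(rule.group(1)), g.group("q") or g.group("u"),
                          g.group("oc") or DEFAULT_OC, g.group("attr") or DEFAULT_ATTR))
    return found

def mismatches(ldif_text, actual_class):
    """Rule indexes whose effective objectClass differs from the group's real one."""
    return [idx for idx, dn, oc, _ in group_clauses(ldif_text)
            if dn in actual_class and oc.lower() != actual_class[dn].lower()]

if __name__ == "__main__":
    # Assumption: the partner group is stored as a groupOfUniqueNames entry.
    print(mismatches(SAMPLE, {"cn=partner,ou=groups,dc=domain": "groupOfUniqueNames"}))
```

A flagged rule index means the group clause silently grants nothing to that group's members, so access falls through to whatever later clauses or rules allow.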