From: Craig W. <cra...@az...> - 2011-06-11 23:57:25
On Sat, 2011-06-11 at 15:05 -0700, Jamie Cameron wrote:
> On 11/Jun/2011 04:47 Craig White <cra...@az...> wrote ..
> > On Fri, 2011-06-10 at 22:44 -0700, Jamie Cameron wrote:
> > > On 10/Jun/2011 20:59 Craig White <cra...@az...> wrote ..
> > > > Seems as though it is having a problem parsing one of my ACL's
> > > >
> > > > The output (dynamic is butt ugly)
> > > > olcAccess: {3}to
> > > > dn.regex="^ou=AddressBook,uid=([^,]+),ou=People,dc=azapple,dc
> > > > =com$$" attrs=children,entry,inetOrgPerson,organizationalPerson
> > > > b
> > > > y dn="cn=admin,dc=azapple,dc=com" write by dn.exact,expand="uid=
> > > > $1,ou=P
> > > > eople,dc=azapple,dc=com" write by
> > > > dn.exact="uid=Administrator,ou=People
> > > > ,dc=azapple,dc=com" write by anonymous auth by * none
> > > >
> > > > and webmin's view is parsing it incorrectly...
> > > >
> > > > http://www.lightsonthenet.com/Craig/screenshot1.png
> > > >
> > > > You can see what Webmin parses it as - the 3rd ACL
> > >
> > > Hi Craig,
> > >
> > > Are those lines above from your LDAP config file? I'd be interested
> > > to see what is actually in the underlying config file, which should tell
> > > me how Webmin is getting it wrong ..
> > ----
> > the lines above were from the #3 ACL in the DSA itself (output from an
> > ldapsearch command - the same line that parsed wrong by webmin). This is
> > how it looked before I added it (a clean look but the same info):
> >
> > olcAccess: to dn.regex="^uid=([^,]+)ou=People,$base_dsa$$"
> > by dn="cn=admin,$base_dsa" write
> > by self read
> > by dn.exact="uid=Administrator,ou=People,$base_dsa" write
> > by anonymous auth
> > by * none
> >
> > It's the same as above but much more readable.
>
> Ok, thanks .. that explains it now. The problem is that Webmin isn't
> parsing multi-line directives properly, causing corruption. I will fix
> this in the next release, but the work-around till then is to manually
> combine that until a single line like :
>
> olcAccess: to dn.regex="^uid=([^,]+)ou=People,$base_dsa$$" by dn="cn=admin,$base_dsa" write by self read by dn.exact="uid=Administrator,ou=People,$base_dsa" write by anonymous auth by * none
----
Thanks - just thought I would report on the anomaly so you had a chance
to review... it obviously isn't a showstopper at all.

That makes sense but I keep them multi-line because it's easy for me to
read them and make sense from them whereas the single line I lose sight
of the details. Interestingly enough, all 11 of my ACL's were multi-line
but this was the only one that Webmin didn't parse correctly.

To be honest, I never really looked at my ACL's via Webmin before this
but I also always previously used the flat-file LDAP configuration. I
can't say that I am a fan of the dynamic backend (Ubuntu) but I have
pretty much given up on CentOS and the dynamic backend is what I get
from Ubuntu without completely reconfiguring it and so I have pretty
much scripted an LDAP setup.

In fact, if you are interested in the scripted steps which are mostly
(but not completely) a turnkey install of a fresh minimal setup for
Ubuntu 10.04 (not tested with any other release) dynamic setup, I can
send them to you. Perhaps there's a way you can use them with Webmin.
Intent is for LDAP w/ Samba integration.

Craig

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
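
Added example, not part of the original message and not Webmin's code: a Python sketch of reading a multi-line olcAccess directive by unfolding LDIF continuation lines (RFC 2849) before splitting it into its target and "by" clauses. The sample entry, its two-space indent, the neighbouring attributes and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the readable ACL from the thread stored as a folded LDIF
# attribute. The two-space indent and the neighbouring attributes are assumed.
SAMPLE = r'''dn: olcDatabase={1}hdb,cn=config
olcAccess: to dn.regex="^uid=([^,]+)ou=People,$base_dsa$$"
  by dn="cn=admin,$base_dsa" write
  by self read
  by dn.exact="uid=Administrator,ou=People,$base_dsa" write
  by anonymous auth
  by * none
olcDbIndex: uid eq
'''

# A token is a run of non-space characters; quoted parts may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')

def unfold(ldif):
    """RFC 2849: a line that starts with a space continues the previous line."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]  # drop exactly one space, keep the rest
        else:
            lines.append(line)
    return lines

def parse_acl(value):
    """Split 'to <what> by <who> <access> ...' into its target and by-clauses."""
    tokens = TOKEN.findall(re.sub(r'^\s*\{\d+\}', '', value))
    if not tokens or tokens[0] != "to":
        raise ValueError("not an access directive: %r" % value)
    what, clauses = [], []
    for tok in tokens[1:]:
        if tok == "by":
            clauses.append([])
        elif clauses:
            clauses[-1].append(tok)
        else:
            what.append(tok)
    return {"what": " ".join(what), "by": [tuple(c) for c in clauses]}

def access_rules(ldif):
    """Parse every olcAccess value after unfolding continuation lines."""
    return [parse_acl(line.split(":", 1)[1])
            for line in unfold(ldif) if line.startswith("olcAccess:")]

if __name__ == "__main__":
    for rule in access_rules(SAMPLE):
        print(rule["what"])
        for who in rule["by"]:
            print("   by", *who)
```

Parsing only the first physical line of the sample yields a rule with a target and no "by" clauses, which is why a tool that edits ACLs has to unfold before it parses or writes anything back.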