Thursday, March 3, 2022

[389-users] Re: aci sanity check

Hi Morgan,

Try changing your target as follows:

From: (target = "cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org")
To: (target = "ldap:///cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org")


David Ritenour
MartinFederal Consulting, LLC
Senior Directory Engineer
513 Madison Street SE
Huntsville, AL 35801

-----Original Message-----
From: Morgan Jones <morgan@morganjones.org>
Sent: Thursday, March 3, 2022 9:36 AM
To: General discussion list for the 389 Directory server project. <389-users@lists.fedoraproject.org>
Subject: [389-users] aci sanity check

Hello,

Would someone mind taking a look at the below and telling me what I am missing? I have a requirement to make a group readable by its members:



morgan@m1macbook ~ % ldapmodify -H ldaps://prdds22.domain.org -x -y pass.txt -f duo_aci_example.ldif
modifying entry "cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org"
ldap_modify: Invalid syntax (21)
additional info: ACL Syntax Error(-5):(target = \22cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org\22)(targetfilter = \22(objectclass=groupofuniquenames)\22)(version 3.0; acl \22duo access\22;allow (read, search, compare) groupdn = \22ldap:///cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org\22;)


morgan@m1macbook ~ %


duo_aci_example.ldif:
dn: cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org
changetype: modify
replace: aci
aci: (target = "cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org")
 (targetfilter = "(objectclass=groupofuniquenames)")
 (version 3.0; acl "duo access";
 allow (read, search, compare) groupdn = "ldap:///cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org";)


thank you!

-morgan
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
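
A pre-flight check for the mistake diagnosed in this thread, as an added example that is not from either poster or the 389 Directory Server project: it unfolds the LDIF, then reports every `target`, `userdn` or `groupdn` value that is a bare DN instead of an `ldap:///` URL. The function names are hypothetical, the sample LDIF is the one posted above, and base64-encoded (`aci::`) values are assumed not to occur.

```python
import re

# ACI keywords whose quoted value must be an LDAP URL (ldap:///<dn>).
# "targetfilter" and "targetattr" do not match: the keyword must be followed by = or !=.
URL_KEYWORDS = re.compile(r'\b(target|userdn|groupdn)\s*(?:!=|=)\s*"([^"]*)"')

def unfold(ldif_text):
    """Join LDIF continuation lines: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def lint_acis(ldif_text):
    """Return (entry_dn, keyword, value) for each ACI value missing the ldap:/// prefix."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "aci":
            for keyword, quoted in URL_KEYWORDS.findall(value):
                for part in quoted.split("||"):  # several URLs may be OR-ed in one value
                    if not part.strip().lower().startswith("ldap:///"):
                        findings.append((dn, keyword, part.strip()))
    return findings

# The LDIF from the original message, and the same file with the suggested change applied.
BROKEN = '''dn: cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org
changetype: modify
replace: aci
aci: (target = "cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org")
 (targetfilter = "(objectclass=groupofuniquenames)")
 (version 3.0; acl "duo access";
 allow (read, search, compare) groupdn = "ldap:///cn=vpnall,ou=vpnaccess,ou=groups,dc=domain,dc=org";)
'''
FIXED = BROKEN.replace('target = "cn=', 'target = "ldap:///cn=')

if __name__ == "__main__":
    for dn, keyword, value in lint_acis(BROKEN):
        print(f'{dn}: {keyword} = "{value}" should be "ldap:///{value}"')
```

Running it against an LDIF file before `ldapmodify` catches the error without touching the server; a clean result is an empty list.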