On 31.08.2016 11:49, Deepak Dimri wrote:
> Hi All,
> I am getting *ACL Syntax Error(-5)* when trying to add an ACI to my
> freeIPA server. Any idea why I am getting this error?

Maybe your ACI is incorrect?

> This is the error I am getting:
> ldap_modify: Invalid syntax (21)
> *additional info: ACL Syntax
> Error(-5)*:(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0;
> acl \22permission:Allow admin to modify hosts membership within
> permitted hostgroups\22; allow (write) groupdn
> =\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)

Can you try here, in 'version3.0;', to put a space between version and number?
Otherwise it looks good to me.

> my ldif entries:
> dn: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
> add: aci
> aci: (targetattr = "userclass")(targetfilter =
> "(objectclass=ipahost)")(version3.0;acl "permission:Allow admin to
> modify hosts membership within permitted hostgroups";allow (write)
> groupdn
> ="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)
> Also, one general question: I should be able to view the ACI under the
> freeIPA permission tab once it gets created, correct?

No, you have to add a FreeIPA permission; custom ACIs are not tracked in
the webUI/CLI.
IMO it should be possible to create this permission using the webUI.
Martin

> Thanks & regards,
> Deepak
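Added example, not part of the original thread or of FreeIPA: a small pre-flight check that an ACI value has the shape given in the 389 Directory Server documentation before it is sent with ldapmodify, run here against the ACI posted above. The function name `lint_aci`, its messages and the list of rights are assumptions of this sketch; it checks overall shape only and is not the server's own parser.

```python
import re

# Documented ACI shape in 389 Directory Server (the LDAP backend of FreeIPA):
#   (target clause)...(version 3.0; acl "name"; allow|deny (rights) bind_rule;)
TARGET = re.compile(r'\(\s*targ\w*\s*!?=\s*"[^"]*"\s*\)\s*', re.I)
RULE = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]+)"\s*;\s*'
                  r'(allow|deny)\s*\(([^)]*)\)\s*(.+?)\s*;\s*\)\s*$', re.I | re.S)
BIND = re.compile(r'\b(userdn|groupdn|roledn|userattr|ip|dns|dayofweek|timeofday|'
                  r'authmethod|ssf)\s*(!?=|[<>]=?)\s*"[^"]*"', re.I)
RIGHTS = {"read", "write", "add", "delete", "search", "compare",
          "selfwrite", "proxy", "moddn", "all"}


def lint_aci(aci):
    """Return a list of problems in one ACI value; an empty list means the shape is OK."""
    problems = []
    text = " ".join(aci.split())           # undo mail/LDIF line wrapping
    pos = 0
    while (m := TARGET.match(text, pos)):  # consume the leading target clauses
        pos = m.end()
    body = text[pos:]
    if re.match(r'\(\s*version\d', body, re.I):
        problems.append('missing space: write "version 3.0;" not "version3.0;"')
        body = re.sub(r'version(?=\d)', 'version ', body, count=1, flags=re.I)
    rule = RULE.match(body)
    if not rule:
        problems.append('rule part is not (version 3.0; acl "name"; '
                        'allow|deny (rights) bind_rule;)')
        return problems
    unknown = [r for r in re.split(r'[,\s]+', rule.group(3).strip().lower())
               if r and r not in RIGHTS]
    if unknown:
        problems.append(f'unknown rights: {", ".join(unknown)}')
    if not BIND.search(rule.group(4)):
        problems.append('bind rule needs keyword = "value", e.g. groupdn = "ldap:///..."')
    return problems


# Constructed sample: the ACI from the LDIF in this thread, joined onto one line.
GROUP = ("ldap:///cn=testadmingroup,cn=groups,cn=accounts,"
         "dc=us-west-2,dc=compute,dc=amazonaws,dc=com")
POSTED = ('(targetattr = "userclass")(targetfilter = "(objectclass=ipahost)")'
          '(version3.0;acl "permission:Allow admin to modify hosts membership '
          f'within permitted hostgroups";allow (write) groupdn ="{GROUP}";)')

if __name__ == "__main__":
    for label, value in (("posted", POSTED),
                         ("spaced", POSTED.replace("version3.0", "version 3.0"))):
        print(label, lint_aci(value) or "OK")
```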