directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject How to retrieve ACI entries from the directory
Date Mon, 06 Oct 2008 13:53:26 GMT
I have successfully defined several ACIs within my directory. All but 
one of them is working as intended.

I created my ACI's with ldif files, so I have clear documentation of 
what I did and need to think carefully about their interactions to fix 
my current problem.

I tried to retrieve my ACI's from the directory using the linux openldap 
ldapsearch command, but so far have not been successful.

My ACI's all have dn's of the form cn=rulename,o=myDomain. When I search 
the directory with the "+" attribute (i.e. return control attributes), 
each normal ldap object under the root ACSA lists the dn's and oid's of 
the ACI's in force for that object.

However, when I search for "objectclass=accessControlSubentry", nothing 
is returned (with or without the "+" attribute). Even searching for the 
explicit dn of a known ACI doesn't return anything.

Do you think this is a "user error", or a problem with the openldap 
ldapsearch, or apacheds? I am using the 1.5.4 release.

Any suggestions would be welcome. Thanks!


View raw message