11

When modifying the OpenLDAP configuration using:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to *
 by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
 by * none

I get the error:

ldap_modify: Other (e.g., implementation specific) error (80)
    additional info: <olcAccess> handler exited with 1
Mildred

4 Answers

16

This is because the line continuation in the LDIF file removes the first space and the attribute is considered to be: {0}to *by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" writeby * none (which is invalid).

So, put an extra space in front of the line continuations:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
  by * none
Mildred
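
The folding behaviour described in the answer above, as an added example (not part of the original posts): a small Python check that unfolds an LDIF as RFC 2849 specifies and flags olcAccess values where a "by" clause has fused with the token before it. The function names and the fused-"by" heuristic are assumptions made for this illustration; the two sample inputs are the LDIF from the question and from the answer.

```python
import re

def unfold(ldif_text):
    """Join folded LDIF lines (RFC 2849): a line that starts with a single
    space continues the previous one, and exactly that one space is dropped."""
    logical = []
    for raw in ldif_text.splitlines():  # accepts LF or CRLF line endings
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

# Heuristic: a "by" keyword glued to the token before it ("*by", "writeby").
FUSED_BY = re.compile(r"\Sby\s")

def check_olcaccess(ldif_text):
    """Return [(unfolded_value, suspect)] for each olcAccess value."""
    results = []
    for line in unfold(ldif_text):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "olcaccess":
            value = value.strip()
            # Blank out quoted DNs so their contents cannot trigger the check.
            unquoted = re.sub(r'"[^"]*"', '""', value)
            results.append((value, bool(FUSED_BY.search(unquoted))))
    return results

# The LDIF from the question (one leading space on continuation lines).
BROKEN = (
    "dn: olcDatabase={2}hdb,cn=config\n"
    "changetype: modify\n"
    "replace: olcAccess\n"
    "olcAccess: {0}to *\n"
    ' by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write\n'
    " by * none\n"
)
# The corrected form from the answer (two leading spaces).
FIXED = BROKEN.replace("\n by", "\n  by")

if __name__ == "__main__":
    for label, text in (("question", BROKEN), ("answer", FIXED)):
        for value, suspect in check_olcaccess(text):
            print(f"{label}: {'SUSPECT' if suspect else 'ok'}: {value}")
```

Running a check like this before ldapmodify shows the value slapd will actually parse, which the "handler exited with 1" error does not.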
1

Keep in mind that this error is thrown when your olcAccess statement has other syntax problems, too. For instance, I used a keyword in one of my 'by' clauses that didn't belong there and rather than telling me "you can't use 'UID' here" it kept saying "slapd: line 0: expecting 'access' got [my DN]". The errors for this thing are obtuse.

0

You need to create the file mod_acl.ldif with the following content, in the exact format (it is very tricky), and then use the following command:

ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f mod_acl.ldif

The expected result is:

modifying entry "olcDatabase={1}mdb,cn=config"

Content of mod_acl.ldif:

dn: olcDatabase={1}mdb,cn=config
replace: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey
  by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write
  by * none
-
add: olcAccess
olcAccess: to dn.base=""
  by * read
-
add: olcAccess
olcAccess: to *
  by dn="cn=admin,dc=example,dc=com" write
  by * read

Be careful: the type of LDAP database can vary depending on your implementation; it can be mdb, hdb or another, depending on your installation.

473183469
-1

This usually happens when you copy and paste from web pages.

I sorted out this problem by following the instructions mentioned by @Mildred, and I also used :set ff=unix in the Vim editor to ignore any bad formats.

kenlukas