On 27 Nov 2019, at 03:25, Mark Reynolds <mreynolds(a)redhat.com>
wrote:
>
> In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP
acl policies to 389-ds policies.?
There is no script that I am aware of for such things. You will need to recreate them
manually.
As for your IRC question, you can not have a single ACI with allow and deny rules. You
need two separate ACI's to do that. If you give us some specific examples we can help
with the syntax, etc.
Thanks for following up Mark:
389's aci syntax is very different to OpenLDAP so you'll probably need to redesign
your access controls in the migration. We're happy to help review,
In general you want allow-only rules, and it's the "lack of allow" that is a
"deny".
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs