When adding an ACI (Access Control Instruction) to Red Hat Directory Server I receive an "Syntax Error"

Solution Verified - Updated -

Issue

  • in our attempt to minimize insecure traffic with RHDS over port 389 (without SSL or TLS), I'm trying to construct an ACI which should do the following:
    • block all access to the directory server with a security strength factor lower than 56
    • exempt a specific list of users which are added in a group called cn=Insecure Access Users.
  • So far, I have come up with the following ACI to place on the root suffix:
(targetattr = "*") (version 3.0;acl "No insecure access";deny (all)(groupdn != "ldap:///cn=Insecure Access Users,ou=Groups,dc=example,dc=com" and ssf<"56");)
  • However, trying to add this aci gives a syntax error. I'm not sure why because I feel that this syntax should do the trick.

Environment

  • Red Hat Directory Server (RHDS) 9.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content