When adding an ACI (Access Control Instruction) to Red Hat Directory Server I receive a "Syntax Error"

Solution Verified - Updated -

Issue

  • In our attempt to minimize insecure traffic with RHDS over port 389 (without SSL or TLS), I'm trying to construct an ACI which should do the following:
    • block all access to the directory server with a security strength factor lower than 56
    • exempt a specific list of users which are added in a group called cn=Insecure Access Users.
  • So far, I have come up with the following ACI to place on the root suffix:
(targetattr = "*") (version 3.0;acl "No insecure access";deny (all)(groupdn != "ldap:///cn=Insecure Access Users,ou=Groups,dc=example,dc=com" and ssf<"56");)
  • However, trying to add this ACI gives a syntax error. I'm not sure why, because I feel that this syntax should do the trick.

Environment

  • Red Hat Directory Server (RHDS) 9.1
