> On 27 Nov 2019, at 03:25, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote: > >> >> In my OpenLdap we have ACL policies is there any script available to convert OpenLDAP acl policies to 389-ds policies.? > There is no script that I am aware of for such things. You will need to recreate them manually. > > As for your IRC question, you can not have a single ACI with allow and deny rules. You need two separate ACI's to do that. If you give us some specific examples we can help with the syntax, etc. Thanks for following up Mark: 389's aci syntax is very different to OpenLDAP so you'll probably need to redesign your access controls in the migration. We're happy to help review, In general you want allow-only rules, and it's the "lack of allow" that is a "deny". > > > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
