diff --git a/ldap-server/acl_form.cgi b/ldap-server/acl_form.cgi
index e989d8648..3fb066e4c 100644
--- a/ldap-server/acl_form.cgi
+++ b/ldap-server/acl_form.cgi
@@ -6,9 +6,18 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
+# Get ACLs
+if (&get_config_type() == 1) {
+ $conf = &get_config();
+ @access = &find("access", $conf);
+ }
+else {
+ $defdb = &get_default_db();
+ $conf = &get_ldif_config();
+ @access = &find_ldif("olcAccess", $conf, $defdb);
+ }
+
# Page header
-$conf = &get_config();
-@access = &find("access", $conf);
if ($in{'new'}) {
&ui_print_header(undef, $text{'eacl_title1'}, "", "eacl");
$p = { 'what' => '*',
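Review bot: The legacy-versus-LDIF lookup added at the top of this hunk is repeated almost verbatim in delete_acls.cgi and edit_acl.cgi, and again inside both branches of up_acl.cgi and down_acl.cgi. These scripts all read or rewrite the access rules that guard the directory, so if one copy drifts (a different directive name or database), the form could show one rule list while another script edits a different one. Consider a single helper in ldap-server-lib.pl that returns the config handle, the default database and the rule list, called as `($conf, $defdb, @access) = &get_access_rules();` (the name is only a suggestion). A one-line comment that `$defdb` is set only in the LDIF case would also help the next reader.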
@@ -27,8 +36,9 @@ print &ui_hidden("idx", $in{'idx'});
print &ui_table_start($text{'eacl_header'}, undef, 2);
# Granting to what object
-$what = $p->{'what'} eq '*' ? 1 : 0;
-if ($p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
+$what = $p->{'what'} eq '*' || $p->{'what'} eq '' ? 1 : 0;
+if ($p->{'what'} =~ /^dn(\.([^=]+))?="(.*)"$/i ||
+ $p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
$dn = $3;
$style = $2;
}
@@ -72,7 +82,7 @@ foreach $b (@{$p->{'by'}}, { }, { }, { }) {
[ 'other', $text{'eacl_other'} ] ],
1, 0, 0, 0,
"style='width:45%' onChange='form.who_$i.disabled = (form.wmode_$i.value != \"other\")'").
- &ui_textbox("who_$i", $kwho ? "" : $b->{'who'}, 30,
+ &ui_textbox("who_$i", $kwho ? "" : $b->{'who'}, 50,
$kwho, undef, "style='width:45%'"),
# What access level? Show textbox if complex
diff --git a/ldap-server/delete_acls.cgi b/ldap-server/delete_acls.cgi
index 6bc122de2..414f9f7d3 100644
--- a/ldap-server/delete_acls.cgi
+++ b/ldap-server/delete_acls.cgi
@@ -9,8 +9,17 @@ $access{'acl'} || &error($text{'acl_ecannot'});
# Filter out un-wanted rules
&lock_slapd_files();
-$conf = &get_config();
-@access = &find("access", $conf);
+
+if (&get_config_type() == 1) {
+ $conf = &get_config();
+ @access = &find("access", $conf);
+ }
+else {
+ $defdb = &get_default_db();
+ $conf = &get_ldif_config();
+ @access = &find_ldif("olcAccess", $conf, $defdb);
+ }
+
%d = map { $_, 1 } split(/\0/, $in{'d'});
keys(%d) || &error($text{'dacl_enone'});
for($i=0; $i<@access; $i++) {
@@ -18,8 +27,13 @@ for($i=0; $i<@access; $i++) {
}
# Save them
-&save_directive($conf, "access", @newaccess);
-&flush_file_lines($config{'config_file'});
+if (&get_config_type() == 1) {
+ &save_directive($conf, "access", @newaccess);
+ }
+else {
+ &save_ldif_directive($conf, "olcAccess", $defdb, @newaccess);
+ }
+&flush_file_lines();
&unlock_slapd_files();
&webmin_log("delete", "accesses", scalar(keys(%d)));
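Review bot: In the LDIF branch the surviving rules are written back with whatever `{N}` prefixes they already had, so deleting a rule from the middle leaves a gap in the numbering. up_acl.cgi and down_acl.cgi swap the `{N}to` tokens by hand, which suggests `&save_ldif_directive` does not renumber. Because that prefix fixes the evaluation order of the olcAccess values, confirm that slapd accepts non-contiguous indexes, or renumber `@newaccess` before saving by rewriting each leading `{\d+}` in `->{'values'}->[0]` with a running counter. The loop that builds `@newaccess` lies outside this hunk.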
diff --git a/ldap-server/down_acl.cgi b/ldap-server/down_acl.cgi
index fb94ec866..ec4c19470 100644
--- a/ldap-server/down_acl.cgi
+++ b/ldap-server/down_acl.cgi
@@ -6,17 +6,36 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
-# Find it
&lock_slapd_files();
-$conf = &get_config();
-@access = &find("access", $conf);
-$p = &parse_ldap_access($access[$in{'idx'}]);
-# Move up
-($access[$in{'idx'}+1], $access[$in{'idx'}]) =
- ($access[$in{'idx'}], $access[$in{'idx'}+1]);
-&save_directive($conf, "access", @access);
-&flush_file_lines($config{'config_file'});
+if (&get_config_type() == 1) {
+ # Move down in old-style config
+ $conf = &get_config();
+ @access = &find("access", $conf);
+ ($access[$in{'idx'}+1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}+1]);
+ &save_directive($conf, "access", @access);
+ &flush_file_lines($config{'config_file'});
+ }
+else {
+ # Move down in LDIF config
+ $defdb = &get_default_db();
+ $conf = &get_ldif_config();
+ @access = &find_ldif("olcAccess", $conf, $defdb);
+ ($access[$in{'idx'}+1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}+1]);
+ if ($access[$in{'idx'}]->{'values'}->[0] =~ /^\{\d+\}to/ &&
+ $access[$in{'idx'}+1]->{'values'}->[0] =~ /^\{\d+\}to/) {
+ # Swap indexes too
+ ($access[$in{'idx'}]->{'values'}->[0],
+ $access[$in{'idx'}+1]->{'values'}->[0]) =
+ ($access[$in{'idx'}+1]->{'values'}->[0],
+ $access[$in{'idx'}]->{'values'}->[0]);
+ }
+ &save_ldif_directive($conf, "olcAccess", $defdb, @access);
+ &flush_file_lines();
+ }
+
&unlock_slapd_files();
&webmin_log("down", "access", $p->{'what'});
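Review bot: `$p` is no longer assigned anywhere in this script, because the `&parse_ldap_access(...)` call was removed along with the old block. The final `&webmin_log("down", "access", $p->{'what'})` still reads it, so the action log will record the move without saying which rule was moved. Parse the rule before the swap in each branch, `$p = &parse_ldap_access($access[$in{'idx'}]);`, so the audit entry keeps the rule's target. up_acl.cgi has the same gap in its last line.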
diff --git a/ldap-server/edit_acl.cgi b/ldap-server/edit_acl.cgi
index b43749de8..f91e64b14 100644
--- a/ldap-server/edit_acl.cgi
+++ b/ldap-server/edit_acl.cgi
@@ -6,8 +6,17 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ui_print_header(undef, $text{'acl_title'}, "", "acl");
-$conf = &get_config();
-@access = &find("access", $conf);
+# Get ACLs
+if (&get_config_type() == 1) {
+ $conf = &get_config();
+ @access = &find("access", $conf);
+ }
+else {
+ $defdb = &get_default_db();
+ $conf = &get_ldif_config();
+ @access = &find_ldif("olcAccess", $conf, $defdb);
+ }
+
@crlinks = ( "$text{'acl_add'}" );
if (@access) {
# Show table of ACLs
diff --git a/ldap-server/index.cgi b/ldap-server/index.cgi
index 5a955b270..75a08e34e 100644
--- a/ldap-server/index.cgi
+++ b/ldap-server/index.cgi
@@ -79,7 +79,8 @@ if ($p && ref($ldap) && $access{'browser'}) {
if ($local) {
# All local server icons
@pages = ( &get_config_type() == 1 ? "slapd" : "ldif",
- "schema", "acl", "browser", "create" );
+ &get_config_type() == 1 ? ( "schema" ) : ( ),
+ "acl", "browser", "create" );
}
else {
# Just browser and DN creator
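Review bot: Dropping "schema" from `@pages` in LDIF mode only hides the icon; nothing in this hunk stops the schema page from being requested directly, where it would presumably still act on the old-style config file. If that page is not meant to be used with an LDIF config, it should refuse on its own, for example with `&get_config_type() == 1 || &error(...);` near its top. Its source is not part of this diff, so it may already do so. The `else` branch continues past the end of the hunk.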
diff --git a/ldap-server/lang/en b/ldap-server/lang/en
index 4b1c7c0a9..5bd1d3b88 100644
--- a/ldap-server/lang/en
+++ b/ldap-server/lang/en
@@ -284,6 +284,7 @@ access_read=read
access_write=write
access_all=anyone
access_any=All objects
+access_nodn=Objects with no DN
access_lnone=No access
access_lauth=Authenticate
access_lcompare=Compare
diff --git a/ldap-server/ldap-server-lib.pl b/ldap-server/ldap-server-lib.pl
index fbf1dfdf1..bf866d1c4 100644
--- a/ldap-server/ldap-server-lib.pl
+++ b/ldap-server/ldap-server-lib.pl
@@ -633,8 +633,11 @@ sub parse_ldap_access
local ($a) = @_;
local @v = @{$a->{'values'}};
local $p = { };
-shift(@v); # Remove to
-$p->{'what'} = shift(@v); # Object
+print STDERR "v=",join("/", @v),"\n";
+shift(@v); # Remove to or {x}to
+if ($v[0] !~ /^(filter|attrs)=/) {
+ $p->{'what'} = shift(@v); # Object
+ }
if ($v[0] =~ /^filter=(\S+)/) {
# Filter added to what
$p->{'filter'} = $1;
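Review bot: The added `print STDERR "v=",join("/", @v),"\n";` looks like leftover debugging: it writes every access rule to the error log each time parse_ldap_access runs, presumably once per rule on every ACL listing. Remove the line before merging; access rules describe who may read which entries and attributes and do not belong in a general error log. A header comment on the function would document the new behaviour, noting that the first token may now be `to` or `{N}to` and that `what` stays unset when the rule starts with `filter=` or `attrs=`. The function body continues outside the hunk.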
@@ -665,11 +668,12 @@ while(@v) {
push(@{$p->{'by'}}, $by);
}
$p->{'bydesc'} = join(", ", @descs);
-if ($p->{'what'} eq '*') {
+if ($p->{'what'} eq '*' || $p->{'what'} eq '') {
$p->{'whatdesc'} = $text{'access_any'};
}
-elsif ($p->{'what'} =~ /^dn(\.[^=]+)?=(.*)$/) {
- $p->{'whatdesc'} = "$2";
+elsif ($p->{'what'} =~ /^dn(\.[^=]+)?="(.*)"$/ ||
+ $p->{'what'} =~ /^dn(\.[^=]+)?=(.*)$/) {
+ $p->{'whatdesc'} = $2 ne '' ? "$2" : $text{'access_nodn'};
}
else {
$p->{'whatdesc'} = $p->{'what'};
diff --git a/ldap-server/up_acl.cgi b/ldap-server/up_acl.cgi
index 659816af2..3ecac15f4 100644
--- a/ldap-server/up_acl.cgi
+++ b/ldap-server/up_acl.cgi
@@ -6,17 +6,36 @@ require './ldap-server-lib.pl';
$access{'acl'} || &error($text{'acl_ecannot'});
&ReadParse();
-# Find it
&lock_slapd_files();
-$conf = &get_config();
-@access = &find("access", $conf);
-$p = &parse_ldap_access($access[$in{'idx'}]);
-# Move up
-($access[$in{'idx'}-1], $access[$in{'idx'}]) =
- ($access[$in{'idx'}], $access[$in{'idx'}-1]);
-&save_directive($conf, "access", @access);
-&flush_file_lines($config{'config_file'});
+if (&get_config_type() == 1) {
+ # Move up in old-style config
+ $conf = &get_config();
+ @access = &find("access", $conf);
+ ($access[$in{'idx'}-1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}-1]);
+ &save_directive($conf, "access", @access);
+ &flush_file_lines($config{'config_file'});
+ }
+else {
+ # Move up in LDIF config
+ $defdb = &get_default_db();
+ $conf = &get_ldif_config();
+ @access = &find_ldif("olcAccess", $conf, $defdb);
+ ($access[$in{'idx'}-1], $access[$in{'idx'}]) =
+ ($access[$in{'idx'}], $access[$in{'idx'}-1]);
+ if ($access[$in{'idx'}]->{'values'}->[0] =~ /^\{\d+\}to/ &&
+ $access[$in{'idx'}-1]->{'values'}->[0] =~ /^\{\d+\}to/) {
+ # Swap indexes too
+ ($access[$in{'idx'}]->{'values'}->[0],
+ $access[$in{'idx'}-1]->{'values'}->[0]) =
+ ($access[$in{'idx'}-1]->{'values'}->[0],
+ $access[$in{'idx'}]->{'values'}->[0]);
+ }
+ &save_ldif_directive($conf, "olcAccess", $defdb, @access);
+ &flush_file_lines();
+ }
+
&unlock_slapd_files();
&webmin_log("up", "access", $p->{'what'});
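Review bot: `$in{'idx'}` comes straight from the request and is used as an array index in both branches without a range check. With `idx=0` the expression `$in{'idx'}-1` is -1, which Perl resolves to the last element, so the first rule is swapped with the last one. In the LDIF branch an out-of-range index also makes `->{'values'}->[0]` autovivify an empty entry, which is then passed to `&save_ldif_directive`. Rule order decides which ACL matches first, so reject anything out of range before the swap, e.g. `$in{'idx'} =~ /^\d+$/ && $in{'idx'} >= 1 && $in{'idx'} < @access || &error(...);` with a suitable message. down_acl.cgi needs the mirror check (`$in{'idx'} < $#access`) for its `+1` access.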