Hi, I forget to add aci to 389-ds. Now, I try it with commands below: 1. sudo dsconf -D 'cn=admin,dc=example,dc=org' ldap://localhost:389 plugin root-dn enable and I get result Enabled plugin 'RootDN Access Control'. 2. sudo ldapmodify -f aci.ldif -x -D 'cn=admin,dc=example,dc=org' -w 1234567890. But the result modifying entry "dc=example,dc=org" ldap_modify: No such object (32). Here's my aci.ldif file:
```bash dn: dc=example,dc=org changetype: modify add: aci aci: (targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone";);) aci: (targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone";);) - ``` I also add those steps in my GitHub repo if you would like to check: https://github.com/kresnasatya/migrate-openldap-to-389-ds-failed/blob/main/README.md _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
