[Date Prev][Date Next] [Chronological] [Thread] [Top]

Still Group access problems...



Hi,

Since my last posting of the group access problems I had it seemed to work
OK, but I only tested it with read access. Now I tested it with ACL write
access and now I got a strange problem!!!
This is my only ACL for testing:

access to dn=".*,o=elex,c=be"
        by group="cn=administrators,o=elex,c=be"                write
        by *                                                    none

ldapsearch works for the administrators, ldapmodify also works but
ldapdelete and ldapadd don't work. And ldapmodify with -a option don't work
either

This is the group:

dn: cn=administrators,o=elex,c=be
objectclass: top
objectclass: groupOfNames
cn: administrators
description: Administrators of the domain
member: cn=Koen Bosmans,o=elex,c=be
member: cn=Peter Tillemans,o=elex,c=be
member: cn=Marc Collignon,o=elex,c=be


This is the access debug code I get when Adding or deleting:

=> access_allowed: entry (o=elex,c=BE) attr (children)

=> acl_get: entry (o=elex,c=BE) attr (children)
<= acl_get: no match

=> acl_access_allowed: write access to entry "o=elex,c=BE"

=> acl_access_allowed: write access to value "any" by "CN=KOEN
BOSMANS,O=ELEX,C=BE"
<= acl_access_allowed: denied by default (no matching to)

=> access_allowed: exit (o=elex,c=BE) attr (children)


Looks like he can't find a matching ACL for add, but why can he find an ACL
for search or modify????


Koen Bosmans