[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Still Group access problems...
Hi,
Since my last posting of the group access problems I had it seemed to work
OK, but I only tested it with read access. Now I tested it with ACL write
access and now I got a strange problem!!!
This is my only ACL for testing:
access to dn=".*,o=elex,c=be"
by group="cn=administrators,o=elex,c=be" write
by * none
ldapsearch works for the administrators, ldapmodify also works but
ldapdelete and ldapadd don't work. And ldapmodify with -a option don't work
either
This is the group:
dn: cn=administrators,o=elex,c=be
objectclass: top
objectclass: groupOfNames
cn: administrators
description: Administrators of the domain
member: cn=Koen Bosmans,o=elex,c=be
member: cn=Peter Tillemans,o=elex,c=be
member: cn=Marc Collignon,o=elex,c=be
This is the access debug code I get when Adding or deleting:
=> access_allowed: entry (o=elex,c=BE) attr (children)
=> acl_get: entry (o=elex,c=BE) attr (children)
<= acl_get: no match
=> acl_access_allowed: write access to entry "o=elex,c=BE"
=> acl_access_allowed: write access to value "any" by "CN=KOEN
BOSMANS,O=ELEX,C=BE"
<= acl_access_allowed: denied by default (no matching to)
=> access_allowed: exit (o=elex,c=BE) attr (children)
Looks like he can't find a matching ACL for add, but why can he find an ACL
for search or modify????
Koen Bosmans