fre, 2002-09-13 kl. 07:26 skrev Michiko Nagara: > I have created the following group. > (made reference to FAQ: > How do I use groups as manage access contorls?) > +-dc=example,dc=com > +--cn=administrators,dc=example,dc=com > +--cn=fred blogs,dc=example,dc=com You haven't said whether you've made a record for Fred Bloggs, but I presume you have. > dn:cn=administrators,dc=example,dc=com > cn: administrators of this region > objectclass: groupOfNames > objectclass: top > member: cn=fred blogs,dc=example,dc=com > member: cn=somebody else,dc=example,dc=com O.k. > access to * > by group="cn=administrators,dc=example,dc=com" write > by * auth I have a group, peoplemanagers, that has *limited* rights to change certain attributes of members of a local group. These attributes are personal details, such as phone number, password etc. This is the relevant line from my ACL, it works :-) This is on a single line: by group="cn=peoplemanagers,ou=groups,dc=billy,dc=demon,dc=nl" dnattr=member write > When I tried to modify dn "cn=fred blogs,dc=example,dc=com", > it works fine. > But when I tried to search filter "(objectclass=*)", I got > no entries. Well, it works for me (with 2.1.4 /Berkeley 4.0.14). So, have you indexed objectclass in slapd.conf (eq,pres), and have you run slapindex (don't forget that the indices in the DB directory have to be able to be read by the slapd user). Best, Tony -- Tony Earnshaw Tha can allway tell a Yorkshireman, but tha canna tell 'im much. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl gpg public key: http://www.billy.demon.nl/tonni.armor Telefoon: (+31) (0)172 530428 Mobiel: (+31) (0)6 51153356 GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
Attachment:
signature.asc
Description: Dette er en digitalt signert meldingsdel