[no subject]
Placed At : MAATDLN
Kannan R@SATYAM
12/01/2002 10:09 AM
Hi,
I'm trying to set up an address book on OpenLDAP in such a way that only the user
can see his own address book. I have a few doubts regarding this after making a
few valiant attempts to set it up myself. I hope someone can help me with
this.
These are the steps I have followed in setting it up.
I have given the LDIFs below.
This is the LDIF I have ported for a user kannan:
dn: uid=kannan,o=addressroot
uid:kannan
userPassword:5dOVUlK1ZfxU6
o:addressroot
objectClass:organization
objectclass:addUser
Now this user kannan has a few names in his address book.
An example of a name for user kannan is the LDIF given below:
dn: cn=jagan,uid=kannan,o=addressroot
uid:kannan
cn:jagan
sn:jagan
givenName:jagan
homePhone:2394184
mobile:98842394184
telephoneNumber:2394184
o:addressroot
mail:jagan@sify.com
objectclass:organizationalPerson
objectclass:person
objectclass:addressuser
objectclass:inetOrgPerson
Now when I have no ACLs specified, everything works fine and
everybody can view the entire address book. I want to authenticate this user
kannan to view only his address book, so I give the following entries in
slapd.conf:
access to dn="uid=*,o=addressroot" by anonymous auth
access to dn="uid=*,o=addressroot" by * read
When I do an ldapsearch, I get insufficient_access. The password I had given is
correct, and I run slapd in full debug mode but am not getting a readable
error, except for a few error codes which I understand get thrown when there is
insufficient access. Can anyone tell me if there is something wrong in the way my
data has been created, or if there is something wrong with the ACL itself?
I have also tried:
access to dn="uid=*,o=addressroot" by users read
I get the same result.
I hope somebody can help me out with this.
regards
kannan