
[no subject]


Kannan R@SATYAM
12/01/2002 10:09 AM


Hi,

I'm trying to set up an address book on OpenLDAP in such a way that only the user
can see his own address book. I have a few doubts regarding this after making a
few valiant attempts to set it up myself. I hope someone can help me with
this.

These are the steps I have followed in setting it up.

I have given the LDIFs below.

This is the LDIF I have ported for a user kannan:

dn: uid=kannan,o=addressroot
uid: kannan
userPassword: 5dOVUlK1ZfxU6
o: addressroot
objectClass: organization
objectClass: addUser

Now this user kannan has a few names in his address book. An example of a name
for user kannan is the LDIF given below:

dn: cn=jagan,uid=kannan,o=addressroot
uid: kannan
cn: jagan
sn: jagan
givenName: jagan
homePhone: 2394184
mobile: 98842394184
telephoneNumber: 2394184
o: addressroot
mail: jagan@sify.com
objectClass: organizationalPerson
objectClass: person
objectClass: addressuser
objectClass: inetOrgPerson


Now when I have no ACLs specified, everything works fine and everybody can view
the entire address book. I want to authenticate this user kannan to view only
his address book, so I give the following entries in slapd.conf:

access to dn="uid=*,o=addressroot" by anonymous auth
access to dn="uid=*,o=addressroot" by * read

When I do an ldapsearch I get insufficient_access. The password I had given is
correct, and I run slapd in full debug mode but am not getting a readable
error, except for a few error codes which I understand get thrown when there is
insufficient access. Can anyone tell me if there is something wrong in the way my
data has been created, or whether there is something wrong with the ACL itself?

I have also tried

access to dn="uid=*,o=addressroot" by users read

and I get the same result.

I hope somebody can help me out with this.

regards
kannan
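An added example, not part of the original post: a slapd.conf ACL block that gives each user under o=addressroot access to their own entry and the address entries beneath it, and nothing else. Two points about slapd ACL evaluation explain the insufficientAccess above. First, directives are tried in order and only the first one whose target matches the entry is consulted; second, within that directive the first matching "by" clause decides, and if no clause matches the bound identity the result is deny (an implicit "by * none"). A directive whose only clause is "by anonymous auth" therefore denies every authenticated search on the entries it matches, and the "by * read" directive after it is never reached. The example assumes the poster's naming (uid=<user>,o=addressroot for a user, cn=<name>,uid=<user>,o=addressroot for an address entry) and OpenLDAP 2.2 or later ACL syntax, since the `expand` modifier on a "by" clause does not exist in the 2.0/2.1 releases current when this was posted. One unrelated check worth making: a crypt(3) hash stored in userPassword needs the {CRYPT} prefix, otherwise slapd compares the bind password against the hash string literally.

```conf
# Added example, not the poster's configuration. Per-user address book ACLs
# for the naming used in the post (uid=<user>,o=addressroot with address
# entries as cn=<name>,uid=<user>,o=addressroot). Assumes OpenLDAP 2.2+.
#
# Order matters: slapd uses the first directive whose target matches the
# entry, and within it the first "by" clause that matches the bound DN.
# An entry that matches a directive but none of its clauses is denied.

# Credentials: anyone may present a password to bind (auth), the owner may
# change it (write), nobody else may read or compare it. Without an "auth"
# grant here the simple bind itself fails before any search is attempted.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# The user's own entry and the whole subtree below it. The regex captures
# the uid from the target DN into $2; the "by" clause expands it, so only a
# bind as uid=<that user>,o=addressroot matches. Everyone else falls through
# to "by * none" and gets insufficientAccess, which is the intended outcome
# for another user's address book.
access to dn.regex="^(.+,)?uid=([^,]+),o=addressroot$"
    by dn.exact,expand="uid=$2,o=addressroot" write
    by * none

# The suffix entry itself (needed as a search base) is readable by any
# authenticated user; anonymous clients get nothing.
access to dn.subtree="o=addressroot"
    by users read
    by * none
```

With this in place, an ldapsearch bound as uid=kannan,o=addressroot with base o=addressroot and subtree scope returns only kannan's entry and the cn=... entries under it; the same search bound as another user returns that user's entries instead, and the first directive still lets each user bind because it grants "auth" on userPassword regardless of whose entry it is.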