Quick ACL help
I am having a bit of trouble getting an ACL set correctly and could use
an extra set of eyes to look at this and help me debug what the problem
is. ACLs are not my strong point and I am in a jam with this today.
Thanks.
Here is the -d 128 debugging output from slapd...
--------------
=> access_allowed: write access to
"ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" "children" requested
=> dn: [2] dc=cis,dc=uab,dc=edu
=> acl_get: [2] matched
=> acl_get: [2] attr children
=> acl_mask: access to entry
"ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=fran,ou=people,dc=cis,dc=uab,dc=edu",
(=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=oxadmin,ou=people,dc=cis,dc=uab,dc=edu
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by read(=rscx)
---------------
...and here are the ACL entries that should govern write access to this
area of the LDAP hierarchy....
---------------
access to
    dn.regex="^ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$"
    attrs=children
    by dn.exact,expand="$1" write
    by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write
access to
    dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$"
    attrs=entry
    by dn.exact,expand="$2" write
    by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write
access to *
    by self write
    by * read
----------------
Can anyone see anything obvious as to why I am getting denied write access?
Thanks,
Fran
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
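
An added example, not part of the original post: a small Python parser for the -d 128 trace above that reports which "access to" rule slapd selected and which "by" clause set the final mask. The function name `summarize` is this example's own, the embedded trace is copied from the post, and the line patterns are taken from that trace as posted rather than from slapd's source.

```python
import re

# Trace copied from the post, including the mail client's line wrapping.
TRACE = '''\
=> access_allowed: write access to
"ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" "children" requested
=> dn: [2] dc=cis,dc=uab,dc=edu
=> acl_get: [2] matched
=> acl_get: [2] attr children
=> acl_mask: access to entry
"ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=fran,ou=people,dc=cis,dc=uab,dc=edu",
(=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=oxadmin,ou=people,dc=cis,dc=uab,dc=edu
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by read(=rscx)
'''

def summarize(trace):
    # Rejoin wrapped lines: every real trace line starts with "=>" or "<=".
    lines = []
    for raw in trace.splitlines():
        if raw.startswith(("=>", "<=")) or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()
    out = {"who_checked": []}
    for line in lines:
        if m := re.match(r'=> access_allowed: (\w+) access to "([^"]+)" "([^"]+)" requested', line):
            out.update(level=m[1], target=m[2], attr=m[3])
        elif m := re.match(r'=> dn: \[(\d+)\] (.+)', line):
            out.update(acl_index=int(m[1]), acl_dn_pattern=m[2])
        elif m := re.match(r'=> acl_mask: to .* by "([^"]*)"', line):
            out["requester"] = m[1]
        elif m := re.match(r'<= check a_dn_pat: (.+)', line):
            out["who_checked"].append(m[1])
        elif m := re.match(r'<= acl_mask: \[(\d+)\] applying (\S+) \((\w+)\)', line):
            out.update(by_index=int(m[1]), granted=m[2], control=m[3])
        elif m := re.match(r'=> access_allowed: \w+ access (granted|denied) by (\S+)', line):
            out.update(result=m[1], decided_by=m[2])
    return out

if __name__ == "__main__":
    for key, value in summarize(TRACE).items():
        print(f"{key}: {value}")
```

On the posted trace this reports rule [2] with DN pattern dc=cis,dc=uab,dc=edu, three who-patterns checked (self, the oxadmin DN, and *), and clause [3] granting read with stop. slapd applies the first "access to" rule that matches the target, so that is the rule to compare against the entries in slapd.conf.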