acl and regex
Hello everyone,
I have the following structure in my ldap tree:
dc=com
 |
 dc=example
 |
 +-- ou=users
 |    +-- uid(1)
 |    |    +-- ou=addressbook
 |    +-- uid(2) ...
 |         +-- ou=addressbook
 +-- ou=addressbook
 +-- cn=admin
cn=admin (organizationalRole)
uid=user1 (account, simpleSecurityObject)
ou=addressbook (organizationalUnit)
and I would like to achieve:
1) all users are able to write to (ou=addressbook,dc=example,dc=com),
2) every user has his own private address book to which only he has access to
(ou=addressbook,uid=(.*),ou=users,dc=example,dc=com).
The following config allows all users to access
(ou=addressbook,dc=example,dc=com) but nobody except
(cn=admin,dc=example,dc=com) can access private address books. Why?
######## slapd.conf ##########
...
#PASSWORDS
access to attrs=userPassword
by dn="cn=admin,dc=example,dc=com" write
by self write
by anonymous auth
by * none
#PRIVATE ADDRESSBOOK
#access to dn.regex="^ou=addressbook,uid=([^,]+),ou=users,dc=example,dc=com$"
access to dn.subtree="ou=addressbook,uid=(.*),ou=users,dc=example,dc=com"
by dn="uid=$1,ou=users,dc=example,dc=com" write
by * read
#ADDRESSBOOK
access to dn.subtree="ou=addressbook,dc=example,dc=com"
by users write
by anonymous none
access to *
by dn="cn=admin,dc=example,dc=com" write
by * none
defaultaccess none
...
###########################
(And I have noticed one other thing. If I try to search for a userPassword the
result is returned only to "cn=admin,dc=example,dc=com", that is, all user
passwords. If I try the same thing when I am logged in
as "uid=user1,ou=users,dc=example,dc=com" I get an empty result set and not the
password of the connected user.)
What am I doing wrong? Thanks in advance for answers.
btw: slapd 2.2.26 - kubuntu
regards,
tomaz
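An added example, not part of the original post and not tomaz's config, showing how the private address book rule looks when written with dn.regex so that the uid captured from the target DN can be substituted into the "by" clause. It assumes the tree described in the post (uid entries under ou=users,dc=example,dc=com, each with its own ou=addressbook) and the same admin DN; the comments mark what differs from the posted config.

```conf
# Added example: ACL fragment for slapd.conf, assuming the poster's tree
# (uid=...,ou=users,dc=example,dc=com with a private ou=addressbook under
# each uid). Adjust the suffix for another directory.

#PASSWORDS (as in the post, with an explicit dn style)
access to attrs=userPassword
        by dn.exact="cn=admin,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

#PRIVATE ADDRESSBOOK
# dn.subtree takes a literal DN, so "(.*)" is never a wildcard there and the
# rule never matches; the request then falls through to the final
# "access to *" rule, which is why only cn=admin gets in. With dn.regex the
# optional "(.*,)?" prefix covers the ou=addressbook entry and everything
# below it, and $2 is the uid captured from the DN being accessed.
# "by * none" keeps the book private instead of world-readable.
access to dn.regex="^(.*,)?ou=addressbook,uid=([^,]+),ou=users,dc=example,dc=com$"
        by dn.regex="^uid=$2,ou=users,dc=example,dc=com$" write
        by * none

#SHARED ADDRESSBOOK (as in the post)
access to dn.subtree="ou=addressbook,dc=example,dc=com"
        by users write
        by * none

#OWN ENTRY
# A search bound as a user only returns an entry if the user can read the
# entry itself (the "entry" pseudo-attribute), not just the requested
# attribute. Granting self read on the user's own entry is what makes a
# search for the user's own userPassword return a result.
access to dn.regex="^uid=[^,]+,ou=users,dc=example,dc=com$"
        by self read
        by * none

access to *
        by dn.exact="cn=admin,dc=example,dc=com" write
        by * none
```

Rules are evaluated in order and the first one whose "to" clause matches the target wins, so the regex rule for the private books has to come before the catch-all "access to *", as it does here. To check the result, bind with ldapsearch as one of the uid entries and search under that user's own ou=addressbook and then under another user's; the first should succeed and the second should return nothing. Note that a search whose base is dc=example,dc=com also needs read access on the intermediate entries (dc=example,dc=com and ou=users), which this fragment does not grant to ordinary users.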