dnattr
Regarding my ACL problem, I have tried to solve it by using this ACL:
# Access to groups addressbooks
# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=entry
by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
by dn.regex="cn=admin,dc=graylion,dc=net" write
by users none
# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
by dnattr=memberUid write
# by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=children
by dnattr=memberUid write
# by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
by users none
the group looks like this:
dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
cn: GraylionEnterprises
gidNumber: 7
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: ...
objectClass: top
objectClass: posixGroup
and on restarting slapd I get:
Starting OpenLDAP: running BDB recovery, slapd - failed:
/usr/share/egroupware/addressbook/doc/acl_addressbook.conf: line 37:
dnattr "memberUid": inappropriate syntax: 1.3.6.1.4.1.1466.115.121.1.26
thanks
Bernhard
--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net
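
Added example, not part of the original message: a pre-flight check for the slapd error quoted above. dnattr matches the requester's DN against the values of the named attribute, so this resolves each dnattr attribute's syntax from schema text (following SUP) and flags any that is not DN-valued. SCHEMA and ACL are constructed samples (definitions condensed to one line each, one NAME per definition), and load_schema, syntax_of and check_dnattr are hypothetical helper names.

```python
import re

# Syntaxes of DN-valued attributes: Distinguished Name, Name And Optional UID.
DN_SYNTAXES = {"1.3.6.1.4.1.1466.115.121.1.12", "1.3.6.1.4.1.1466.115.121.1.34"}

# Constructed sample: definitions condensed from the standard core and NIS schemas.
SCHEMA = """
attributetype ( 2.5.4.49 NAME 'distinguishedName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName )
attributetype ( 2.5.4.50 NAME 'uniqueMember' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
"""
# Constructed sample: one clause from the post plus a DN-valued one for contrast.
ACL = """\
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
  attrs=children
  by dnattr=memberUid write
  by dnattr=member write
  by users none
"""

def load_schema(text):
    """Map lower-cased attribute name -> (syntax OID or None, SUP name or None)."""
    attrs = {}
    for name, body in re.findall(r"NAME\s+'([^']+)'([^\n]*)", text):
        syntax = re.search(r"SYNTAX\s+([\d.]+)", body)
        sup = re.search(r"SUP\s+(\S+)", body)
        attrs[name.lower()] = (syntax and syntax.group(1), sup and sup.group(1).lower())
    return attrs

def syntax_of(attr, attrs):
    """Resolve an attribute's syntax OID, following SUP inheritance; None if unknown."""
    for _ in range(len(attrs) + 1):  # bounded walk, so a SUP cycle cannot loop forever
        syntax, sup = attrs.get(attr, (None, None))
        if syntax or sup is None:
            return syntax
        attr = sup
    return None

def check_dnattr(acl_text, attrs):
    """Return (line number, attribute, syntax OID) for dnattr clauses on non-DN attributes."""
    bad = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        m = re.match(r"\s*by\s+dnattr=(\S+)", line)  # commented-out clauses do not match
        if m:
            oid = syntax_of(m.group(1).lower(), attrs)
            if oid not in DN_SYNTAXES:
                bad.append((no, m.group(1), oid))
    return bad
```

An attribute missing from the schema text is reported with a syntax of None, so unknown names are flagged rather than silently accepted.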