[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: addressbook ACLs - cannot create contact in group address book.
Bernhard D Rohrer <graylion@sm-wg.net> writes:
> hi folks
>
> I have the following ACL for my groups:
>
> # Access to groups addressbooks
>
> # allow read of addressbook by members and egwadmin account
> access to
> dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
> attrs=entry
> by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
> by dn.regex="cn=admin,dc=graylion,dc=net" write
> by users none
>
> # allow members to create entries in there group addressbooks; no-one
> else can access it
> # needs write access to the entries ENTRY attribute ...
> access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
> attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
> by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
> by users none
>
> # ... and the entries CHILDREN
> access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
> attrs=children
> by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
> by users none
>
>
>
> the LDIF of one of my groups is:
>
> dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
> cn: GraylionEnterprises
> gidNumber: 7
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: ...
> objectClass: top
> objectClass: posixGroup
>
> and the log shows this error:
>
> Mar 15 17:20:27 diskslave slapd[6657]: => bdb_entry_get: found entry:
> "cn=graylionenterprises,ou=groups,dc=graylion,dc=net"
> Mar 15 17:20:27 diskslave slapd[6657]: <= bdb_entry_get: failed to find
> objectClass
See man slapd.access(5), the dn style group expects objectclass
groupOfnames as default. if you use other object classes, you have to
define these, something like
'by group/posixgroup/memberUid'
If you use posixgroup it might be necessary to map the memberUid
attribute value to a dn.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6