[Date Prev][Date Next] [Chronological] [Thread] [Top]

Addressbook ACL woes

To: openldap-software@openldap.org
Subject: Addressbook ACL woes
From: Bernhard D Rohrer <graylion@sm-wg.net>
Date: Wed, 04 Apr 2007 20:43:59 +0100
User-agent: Thunderbird 1.5.0.10 (X11/20070306)

Hi Folks

I have the following ACL

# allow user to create entries in own addressbook; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$"
        attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
        by dn.regex="uid=$1,ou=accounts,dc=graylion,dc=net" write
        by dn.regex="cn=admin,dc=graylion,dc=net" read
        by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$"
        attrs=children
        by dn.regex="uid=$1,ou=accounts,dc=graylion,dc=net" write
        by dn.regex="cn=admin,dc=graylion,dc=net" read
        by users none

when I try to create an addressbook entry I get the following error message:

Apr 4 19:27:31 collab slapd[32121]: conn=30 op=4 ADD dn="cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" Apr 4 19:27:31 collab slapd[32121]: conn=29 op=5 ADD dn="uid=3c1fe30f930ea6cf1c0a85cd76d2b52d,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" Apr 4 19:27:31 collab slapd[32121]: conn=29 op=5 RESULT tag=105 err=50 text=no write access to parent Apr 4 19:27:31 collab slapd[32121]: conn=30 op=4 RESULT tag=105 err=0 text=

even though it just added the parent?? consecutive attempts do not bring any help.

any help appreciated

cheers

Bernhard
--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net

Prev by Date: startup costs was Re: filter preprocessing for performance improvement
Next by Date: Re: startup costs was Re: filter preprocessing for performance improvement
Index(es):
- Chronological
- Thread