
Re: ACL problem in OpenLDAP



Hallvard B Furuseth wrote:
> JOYDEEP writes:
>   
>> access to
>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>>     
>
> This matches a DN whose RDN is a 'cn', immediately below ou=personal,
> but not subtrees below ou=personal nor RDNs that are not 'cn's.  Is that
> intentional?
>   
Hi Hallvard,
thanks for your kind response. Here is the address entry of a user, bisu:


uid=96d587132dc79e9cb5acf0c007255008,cn=admin,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap

At first I had ^cn=([^,]+), but then nothing can be seen. After changing
it to cn=([^,]+), address entries are visible.

There was also a line like attrs=entry, but after omitting it everything
is working. By the way, what is the meaning of that entry?

Moreover, my present config can't prevent a user from seeing others'
personal addressbooks. How can I prevent this?

Thanks once again.
>   
>>   by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"  read
>>     
>
> Try by dn.expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"      read
>
>   
>>   by users none
>>     
>
> There is an implicit 'by * none' at the end of each access statement, so
> that line is not necessary.  And I assume you want to stop anonymous
> access as well, so it's not as if the 'by users' statement is very
> informative.
>
>
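To see why the anchored ^cn= pattern shows nothing and what the dn.expand form suggested above actually grants, here is a small Python emulation of slapd's ACL matching logic, added as an example (it is not slapd code and not from the thread). The to/by strings and the entry DN are the ones quoted above; the requester DNs are constructed, and DN comparison is simplified to a case-insensitive string compare.

```python
import re

# ACL pieces quoted in the thread and the address entry of user bisu.
TO_PATTERN = (r"cn=([^,]+),ou=personal,ou=contacts,ou=contacts,"
              r"virtualDomain=([^,]+),dc=suse,dc=ldap$")
BY_TEMPLATE = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"
ENTRY = ("uid=96d587132dc79e9cb5acf0c007255008,cn=admin,ou=personal,ou=contacts,"
         "ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap")


def to_match(pattern, target_dn):
    """Emulate 'to dn.regex': an unanchored regex search over the target DN.
    Returns the captured groups, or None when the clause does not apply."""
    m = re.search(pattern, target_dn)
    return m.groups() if m else None


def expand(template, groups):
    """Emulate 'by dn.expand': substitute $1..$9 with captures from the 'to' clause."""
    return re.sub(r"\$(\d)", lambda s: groups[int(s.group(1)) - 1], template)


def read_allowed(pattern, template, target_dn, requester_dn):
    """True when requester_dn gets 'read' on target_dn under
        access to dn.regex=<pattern> by dn.expand=<template> read
    A requester matching no 'by' clause falls to the implicit 'by * none'.
    dn.expand is an exact match after expansion (simplified here to a
    case-insensitive string compare)."""
    groups = to_match(pattern, target_dn)
    if groups is None:
        return False
    return requester_dn.lower() == expand(template, groups).lower()


if __name__ == "__main__":
    # Constructed requester DNs for the demonstration.
    owner = "uid=admin,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
    other = "uid=bisu,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
    # Anchored, the clause never matches an entry whose RDN is a uid: nothing is visible.
    print(to_match("^" + TO_PATTERN, ENTRY))                    # None
    # Unanchored, the cn= component captures 'admin' and the domain.
    print(to_match(TO_PATTERN, ENTRY))                          # ('admin', 'kolkata.opendingo.com')
    # Only the uid= user named by the cn= capture, in the same domain, gets read.
    print(read_allowed(TO_PATTERN, BY_TEMPLATE, ENTRY, owner))  # True
    print(read_allowed(TO_PATTERN, BY_TEMPLATE, ENTRY, other))  # False
```

Because every requester that matches no `by` clause is denied by the implicit `by * none`, a `by users none` line adds nothing, and anonymous binds are denied for the same reason.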