[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: read ACL working but write ACL not

To: openldap-software@openldap.org
Subject: Re: read ACL working but write ACL not
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 06 Jul 2007 21:49:18 +0200
In-reply-to: <468E0E98.10501@unlimitedmail.org> (JOYDEEP's message of "Fri, 06 Jul 2007 15:12:48 +0530")
References: <468E0E98.10501@unlimitedmail.org>
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chestnut, linux)

JOYDEEP <j.bakshi@unlimitedmail.org> writes:

> Dear list,
>
> Please see below my LDAP structure

[...]
>
> *################ personal ACL #######################
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>   by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" 
> read
>   by * none
>
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>   by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>   by * none
> #################################################
>
> the log reports ****tag=105 err=50 text=no write access to parent**********
> could any one suggest how to solve the problem ?
> thanks

Allow access to the pseudo attributs entry and children of the parent.

access to
 dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain.....
 attrs=entry,children,@someObjectClass
 by ...

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

Follow-Ups:
- Re: read ACL working but write ACL not
  - From: JOYDEEP <j.bakshi@unlimitedmail.org>

References:
- read ACL working but write ACL not
  - From: JOYDEEP <j.bakshi@unlimitedmail.org>

Prev by Date: Re: using openldap as a translation layer.
Next by Date: Schema change in master-slave setup
Index(es):
- Chronological
- Thread