
Re: read ACL working but write ACL not



Dieter Kluenter wrote:
> JOYDEEP <j.bakshi@unlimitedmail.org> writes:
>
>   
>> Dear list,
>>
>> Please see below my LDAP structure
>>     
>
> [...]
>   
>> *################ personal ACL #######################
>> access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>>   by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
>>   by * none
>>
>> access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>>   by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>>   by * none
>> #################################################
>>
>> the log reports ****tag=105 err=50 text=no write access to parent**********
>> could any one suggest how to solve the problem ?
>> thanks
>>     
>
> Allow access to the pseudo attributes entry and children of the parent.
>
> access to
>  dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain.....
>  attrs=entry,children,@someObjectClass
>  by ...
>
> -Dieter 
>
>   
Thanks Dieter for your response,

I have modified the ACL according to your suggestion, and it is now:

access to dn.regex="^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
  attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
  by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
  by * none

But I still have the same problem, and the log reports:

conn=40 op=2 ADD dn="uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
Jul  9 08:00:53 lvps87-230-8-228 slapd[14106]: conn=40 op=2 RESULT tag=105 err=50 text=no write access to parent

Please help me to solve it. Thanks a lot for your help.
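
Added example (not part of the original message or of OpenLDAP): an ADD needs write access to the "children" pseudo-attribute of the parent entry, so this script takes the DN from the log above, derives its parent, and tests each of the three "access to" selectors from the thread against it. It assumes Python's re module as a stand-in for slapd's regex matching (case-insensitive) and checks each rule on its own, since the order of the rules in the configuration is not shown; the rule labels are made up for the report.

```python
import re

# (label, "access to" dn.regex, "by" DN template, level) as posted in the thread.
BY_DN = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"
ACLS = [
    ("personal read",
     r"cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$",
     BY_DN, "read"),
    ("personal write",
     r"cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$",
     BY_DN, "write"),
    ("parent entry/children",
     r"^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$",
     BY_DN, "write"),
]

# DN of the entry being added, copied from the ADD log line.
ADD_DN = ("uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,ou=contacts,"
          "ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap")


def parent_dn(dn):
    """Drop the leftmost RDN (these DNs contain no escaped commas)."""
    return dn.split(",", 1)[1]


def check(dn):
    """Per rule: does the selector match dn, and can every $n in 'by' be filled?"""
    report = []
    for name, pattern, by_dn, level in ACLS:
        rx = re.compile(pattern, re.IGNORECASE)
        m = rx.search(dn)
        max_ref = max(int(n) for n in re.findall(r"\$(\d)", by_dn))
        # Expand $1/$2 only when the selector matched and has enough groups.
        who = (re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))), by_dn)
               if m and max_ref <= rx.groups else None)
        report.append({"acl": name, "level": level, "matches": m is not None,
                       "groups": rx.groups, "max_ref": max_ref, "who": who})
    return report


if __name__ == "__main__":
    print("parent:", parent_dn(ADD_DN))
    for row in check(parent_dn(ADD_DN)):
        print(row)
```

The "groups" and "max_ref" columns show how many capture groups each selector defines against the highest $n its "by" clause references.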