[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Again ACL problems
I have a problem by configuring access to an shared address book.
Users and groups are defined in following structure:
dc=mycompany,dc=org
|--ou=abook
| |----cn=adressbookentry1
| |----cn=adressbookentry2
| |----......
|--ou=groups
| |----cn=group1
| |----cn=abook_rw
| |----cn=abook_ro
| |----........
|--ou=users
| |----uid=user1(member of group "abook_rw")
| |----uid=user2(member of group "abook_ro")
| |----.........
Now users of group "abook_rw" should be able to write/edit an entry into
"ou=abook", but members of "abook_ro" should have read-only access.
I tried this "slapd.conf" config entry:
access to dn.subtree="ou=abook,dc=mycompany,dc=org"
by group="cn=abook_rw,dc=mycompany,dc=org" write
by group="cn=abook_ro,dc=mycompany,dc=org" read
But only "ldaproot" can access "ou=abook" by using ldap- client software
(KAdressbook, LDAP- Editor)! What is wrong?
--
Mit freundlichen GrÃÃen
Sebastian Reinhardt