Re: This ACL doesn't work
>>> Fulvio Parnigoni <fparnigoni@videosoft.biz> wrote on 28.07.2014 at 12:09 in
message <53D62155.2090604@videosoft.biz>:
> Hi all,
> - Debian Wheezy
> - Openldap 2.4.31
>
> I want a group (mk_group) to be able to write to the addressbook:
>
> ~# ldapsearch -xLLL cn=mk_group
>
> dn: cn=mk_group,ou=Groups,dc=csr,dc=ld
> gidNumber: 1001
> cn: mk_group
> objectClass: top
> objectClass: posixGroup
> memberUid: fulvio
> memberUid: pinco
> memberUid: pallino
> memberUid: ciccio
Did you try using DN syntax for the memberUIDs? The definition says member is a DN...
>
> Every memberUid exists in the branch ou=Users
>
> ~# ldapsearch -xLLL ou=addressbook
>
> dn: ou=addressbook,dc=csr,dc=ld
> ou: addressbook
> objectClass: organizationalUnit
> objectClass: top
>
> The branch ou=addressbook is populated.
>
> In olcDatabase={1}hdb.ldif configuration file I have this row:
> ...
> olcAccess: {0}to dn.subtree="ou=addressbook,dc=csr,dc=ld" by
> set="[cn=mk_group
> ,ou=Groups,dc=csr,dc=ld]/memberUid & user/uid" write by user read
> ....
>
> If I try to write in the addressbook, I get this message:
> .....
> ldap_modify: Insufficient access (50)
>
> What is wrong?
>
> Many thanks.
> fulvio
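
The set clause in the ACL quoted above can be modelled as follows. This is an added example, not part of the original thread: the entries are constructed sample data, the function names are hypothetical, and value matching is simplified to lower-cased DNs and exact strings.

```python
# Added illustration: simplified model of how a slapd set clause such as
#   set="[cn=mk_group,ou=Groups,dc=csr,dc=ld]/memberUid & user/uid"
# is evaluated. All directory entries below are constructed sample data.

GROUP_DN = "cn=mk_group,ou=groups,dc=csr,dc=ld"

# Constructed directory: normalized DN -> {attribute: set of values}
DIRECTORY = {
    GROUP_DN: {"memberuid": {"fulvio", "pinco", "pallino", "ciccio"}},
    "uid=fulvio,ou=users,dc=csr,dc=ld": {"uid": {"fulvio"}},
    "uid=guest,ou=users,dc=csr,dc=ld": {"uid": {"guest"}},
}


def deref(dns, attr):
    """Model of the set '/' operator: collect attr values from every DN in the set."""
    values = set()
    for dn in dns:
        values |= DIRECTORY.get(dn.lower(), {}).get(attr.lower(), set())
    return values


def set_clause_matches(bind_dn):
    """Model of '[GROUP_DN]/memberUid & user/uid': true when the intersection is non-empty."""
    # 'user' is the DN the connection is bound as; an anonymous bind has none.
    user = {bind_dn.lower()} if bind_dn else set()
    return bool(deref({GROUP_DN}, "memberUid") & deref(user, "uid"))


def access_level(bind_dn):
    """Walk the 'by' clauses in the order written; the first match decides."""
    if set_clause_matches(bind_dn):
        return "write"
    if bind_dn:
        # Second clause on the page, modelled here as "any authenticated identity"
        # (assumption about the poster's intent).
        return "read"
    return "none"  # every access list ends with an implicit 'by * none'


if __name__ == "__main__":
    for who in ("uid=fulvio,ou=Users,dc=csr,dc=ld",
                "uid=guest,ou=Users,dc=csr,dc=ld",
                "cn=admin,dc=csr,dc=ld",
                None):
        print(who, "->", access_level(who))
```

The model makes visible that the write grant depends on the identity the modify is bound as: the bound entry must exist and carry a `uid` value that also appears in the group's `memberUid`.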