
Re: read ACL working but write ACL not



Gavin Henry wrote:
> <quote who="JOYDEEP">
>   
>> Dieter Kluenter wrote:
>>     
>>> JOYDEEP <j.bakshi@unlimitedmail.org> writes:
>>>
>>>
>>>       
>>>> Dear list,
>>>>
>>>> Please see below my LDAP structure
>>>>
>>>>         
>>> [...]
>>>
>>>       
>>>> *################ personal ACL #######################
>>>> access to
>>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>>>>   by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"
>>>> read
>>>>   by * none
>>>>
>>>> access to
>>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>>>>   by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>>>>   by * none
>>>> #################################################
>>>>
>>>> the log reports ****tag=105 err=50 text=no write access to
>>>> parent**********
>>>> could anyone suggest how to solve the problem?
>>>> thanks
>>>>
>>>>         
>>> Allow access to the pseudo attributes entry and children of the parent.
>>>
>>> access to
>>>  dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain.....
>>>  attrs=entry,children,@someObjectClass
>>>  by ...
>>>
>>> -Dieter
>>>
>>>
>>>       
>> Thanks Dieter for your response,
>>
>> I have modified the ACL according to your suggestion and it is
>>
>> access to
>> dn.regex="^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>>
>> attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
>>    by
>> dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>>    by * none
>>
>> but still I have the same problem and the log reports as
>>
>> conn=40 op=2 ADD
>> dn="uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
>> Jul  9 08:00:53 lvps87-230-8-228 slapd[14106]: conn=40 op=2 RESULT
>> tag=105 err=50 text=no write access to parent
>>
>> Please help me to solve it. thanks a lot for your help
>>     
>
>
> In the above, there is only one set of (), so your domain is going inside
> $1, and nothing is saved in $2.
>
> I would put it back to (still using the new attrs section by Dieter):
>
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>
> attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
>     by
>  dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>     by * none
>
>
>   
Hi Gavin,
I have modified the ACL as you suggest

access to
dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
  
attr=entry,children,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson
   by
dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
   by * none

but still I have

Jul  9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 ADD
dn="uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
Jul  9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 RESULT
tag=105 err=50 text=no write access to parent

I've also tried with
dn.regex="^cn=([^,]+),ou=personal,ou.......................    but with
the same effect
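
Added example, not part of the original thread: a small Python check that runs the three dn.regex patterns quoted above against the DN from the ADD log line, its parent and its grandparent, and shows what the `by` template expands to in each case. The helper names are hypothetical, Python's `re` stands in for slapd's regex engine, and a missing capture group is rendered as an empty string, following Gavin's description of `$2`.

```python
import re

# DN taken from the ADD line in the log above.
ADDED_DN = ("uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,"
            "ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap")
WHO = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  # "by" template from the thread

# The three dn.regex patterns that appear in the thread, copied as posted.
PATTERNS = {
    "one_group": "^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$",
    "typo": "cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$",
    "two_groups": "cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$",
}

def parent_dn(dn):
    """Drop the leftmost RDN (assumes it contains no escaped commas)."""
    return dn.split(",", 1)[1]

def expand(template, match):
    """Substitute $1..$9; a group the pattern does not define becomes ''."""
    def sub(m):
        n = int(m.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", sub, template)

def who_for(pattern, target, template=WHO):
    """Return the expanded 'by' DN if the pattern matches target, else None."""
    # Assumption: Python's re approximates slapd's POSIX extended regex,
    # matched case-insensitively.
    m = re.search(pattern, target, re.IGNORECASE)
    return expand(template, m) if m else None

def report():
    """Map (pattern name, target name) to the expanded 'by' DN or None."""
    targets = {"added": ADDED_DN, "parent": parent_dn(ADDED_DN),
               "grandparent": parent_dn(parent_dn(ADDED_DN))}
    return {(p, t): who_for(pat, dn)
            for p, pat in PATTERNS.items() for t, dn in targets.items()}

if __name__ == "__main__":
    for (p, t), who in report().items():
        print(f"{p:10} vs {t:11} -> {who}")
```

A `None` means the access clause does not apply to that entry at all; the write check on `children` for this ADD is made against the parent, `cn=bisu,ou=personal,...`.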