
Re: read ACL working but write ACL not-[write access denied by read(=rscx)]



Hi Dieter, Gavin and all,

I have mentioned in my last mail that I had ACL like

################ personal ACL #######################
###################### read #######################
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
  by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
  by * none
######################## write ############################
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
  attr=children,entry,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson
  by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write
  by users none


The problem when writing was that it reports

Jul  9 11:59:33 lvps87-230-8-228 slapd[5147]: => access_allowed: write access denied by read(=rscx)

So I disabled the read ACL and the problem disappeared. I have a question here: why do we
need the read ACL at all? Moreover, things are not so easy for the group ACL. If I follow the same technique
for the group ACL, then although the group has no delete option, it can delete the entries easily.
How can I fix this problem?
Thanks so far for giving me the helpful suggestions; thanks a lot.
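
Editor's added example (not part of the original post and not OpenLDAP code): a simplified Python model of slapd's first-match ACL evaluation, showing why the owner's write is answered by the read rule when it is listed first, and how placing the attribute-scoped write rule first changes the result. The sample DNs, the `WRITE_ATTRS` stand-in for the `@objectClass` names, and all function names are assumptions made for illustration.

```python
import re

# Access levels in increasing order; each level includes the ones below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Target DN pattern and owner DN template, copied from the ACLs in the post.
TARGET = r"cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
OWNER = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"
# Assumption: the @objectClass names in the attr= list are represented
# here by a few constructed attribute names.
WRITE_ATTRS = {"children", "entry", "cn", "sn", "mail"}

READ_RULE = {"what": TARGET + "$", "attrs": None,
             "by": [("expand", OWNER, "read"), ("*", None, "none")]}
WRITE_RULE = {"what": TARGET, "attrs": WRITE_ATTRS,
              "by": [("expand", OWNER, "write"), ("users", None, "none")]}

# Constructed sample DNs.
ENTRY = "cn=alice,ou=personal,ou=contacts,ou=contacts,virtualDomain=example.org,dc=suse,dc=ldap"
OWNER_DN = "uid=alice,ou=users,virtualDomain=example.org,dc=suse,dc=ldap"

def who_matches(kind, pattern, bind_dn, m):
    if kind == "*":
        return True
    if kind == "users":
        return bind_dn != ""  # any authenticated identity
    # dn.exact,expand: substitute $1 and $2 from the target DN match.
    expanded = pattern.replace("$1", m.group(1)).replace("$2", m.group(2))
    return bind_dn.lower() == expanded.lower()

def access_allowed(rules, bind_dn, target_dn, attr, wanted):
    """Return (allowed, granted_level) under first-match semantics."""
    for rule in rules:
        m = re.search(rule["what"], target_dn, re.IGNORECASE)
        if not m or (rule["attrs"] is not None and attr not in rule["attrs"]):
            continue
        # The first rule whose <what> matches decides; later rules are skipped.
        for kind, pattern, level in rule["by"]:
            if who_matches(kind, pattern, bind_dn, m):
                return LEVELS.index(level) >= LEVELS.index(wanted), level
        return False, "none"  # implicit trailing "by * none"
    return False, "none"      # implicit final "access to * by * none"

if __name__ == "__main__":
    # Order as posted: the read rule answers first, so write is denied by read.
    print(access_allowed([READ_RULE, WRITE_RULE], OWNER_DN, ENTRY, "entry", "write"))
    # Attribute-scoped write rule first: the owner gets write on those attributes.
    print(access_allowed([WRITE_RULE, READ_RULE], OWNER_DN, ENTRY, "entry", "write"))
```

With the write rule first, attributes outside its `attr=` list still fall through to the read rule, so the read rule remains the one that governs everything the write rule does not name.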