
Re: Again ACL problems



Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:

> I have a problem configuring access to a shared address book.
>
> Users and groups are defined in the following structure:
>
> dc=mycompany,dc=org
>  |--ou=abook
>  |           |----cn=adressbookentry1
>  |           |----cn=adressbookentry2
>  |           |----......
>  |--ou=groups
>  |           |----cn=group1
>  |           |----cn=abook_rw
>  |           |----cn=abook_ro
>  |           |----........
>  |--ou=users
>  |           |----uid=user1(member of group "abook_rw")
>  |           |----uid=user2(member of group "abook_ro")
>  |           |----.........
>
> Now users of group "abook_rw" should be able to write/edit an entry
> into "ou=abook", but members of "abook_ro" should have read-only
> access.
> I tried this "slapd.conf" config entry:
>
> access to dn.subtree="ou=abook,dc=mycompany,dc=org"
>              by group="cn=abook_rw,dc=mycompany,dc=org" write
>              by group="cn=abook_ro,dc=mycompany,dc=org" read
>
> But only "ldaproot" can access "ou=abook" by using LDAP client
> software (KAdressbook, LDAP-Editor)! What is wrong?

Try debugging with level ACL.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
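
What the suggested ACL debugging can look like in slapd.conf, as an added example that is not part of the original thread: it turns on ACL logging and writes the group DNs the way the tree in the question lays them out, under ou=groups. The groupOfNames/member group type, the userPassword rule and the slapacl invocation in the comments are assumptions.

```conf
# slapd.conf fragment (added example; assumptions are marked as such)

# Log ACL processing (level "acl" = 128). slapd writes this through syslog.
loglevel acl

# Assumption: users bind with a password stored in userPassword. Once any
# "access to" directive exists, the built-in default "access to * by * read"
# no longer applies, so bind needs its own rule.
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

# Group DNs written as the tree in the question shows them: cn=abook_rw and
# cn=abook_ro sit under ou=groups.
# Assumption: the groups are objectClass groupOfNames with full user DNs in
# "member", which is what an unqualified "by group=" clause looks for.
access to dn.subtree="ou=abook,dc=mycompany,dc=org"
        by group="cn=abook_rw,ou=groups,dc=mycompany,dc=org" write
        by group="cn=abook_ro,ou=groups,dc=mycompany,dc=org" read
        by * none

# Assumption: for groups of another type, name the class and attribute, e.g.
#        by group/groupOfUniqueNames/uniqueMember="cn=abook_rw,ou=groups,dc=mycompany,dc=org" write

# Check a single decision without a client, using slapacl from OpenLDAP
# (run it where slapd.conf and the database are readable):
#   slapacl -f slapd.conf \
#           -D "uid=user1,ou=users,dc=mycompany,dc=org" \
#           -b "cn=adressbookentry1,ou=abook,dc=mycompany,dc=org" "cn/write"
```

With `loglevel acl` set, or with slapd started in the foreground using `-d acl`, the log shows for each request which `by` clause was checked and what access was granted, so a group DN that does not resolve is visible directly.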