[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL problem for Netscape Roaming

>Can anyone help me here, I've been working on this three days?   I hate
>to pull  over and ask for directions.
>I am trying to get OpenLDAP on Red Hat Linux 7.2 to work with Netscape
>roaming.   It seems that my ACL for allowing write access to the Netscape
>profile is never chosen. 
>Here are my configs and debug output.  Does the capitalized dn from the
>LDAP  server cause the regex match to fail?
># Access Control
>access to * by * read
>access to dn=".*,ou=Roaming,dc=cdx,dc=org"
>        by dnattr=owner write
>access to attr=userPassword
>         by self write
>         by * none

Your order is wrong.  The first rule that matches gets used, and your first rule
matches everything to read access.  Put the userPassword rule first,  your
dnattr based rule second, and your "* by *" rule last.  The last rule simply
accomplishes the same thing as the defaultaccess directive.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW
Grand Rapids, MI. 49505