
Re: ACL problem for Netscape Roaming



>Can anyone help me here, I've been working on this three days? I hate
>to pull over and ask for directions.
>I am trying to get OpenLDAP on Red Hat Linux 7.2 to work with Netscape
>roaming. It seems that my ACL for allowing write access to the Netscape
>profile is never chosen.
>Here are my configs and debug output. Does the capitalized dn from the
>LDAP server cause the regex match to fail?
># Access Control
>access to * by * read
>access to dn=".*,ou=Roaming,dc=cdx,dc=org"
>        by dnattr=owner write
>access to attr=userPassword
>         by self write
>         by * none

Your order is wrong.  The first rule that matches gets used, and your first rule
matches everything to read access.  Put the userPassword rule first, your
dnattr based rule second, and your "* by *" rule last.  The last rule simply
accomplishes the same thing as the defaultaccess directive.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW
Grand Rapids, MI. 49505
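
The first-match behaviour described in the reply, as an added example that is not part of the original thread: a simplified Python model of the three rules from the question, evaluated in the posted order and in the order the reply recommends. The sample DNs, the `description` attribute, and the function names are constructed for illustration; the model covers only the `*`, `self` and `dnattr=` clauses that appear in the post.

```python
import re

LEVELS = {"none": 0, "read": 1, "write": 2}
ROAMING = r".*,ou=Roaming,dc=cdx,dc=org"

# Each rule: (dn regex or None for any, attribute or None for any, by-clauses)
ORIGINAL = [
    (None, None, [("*", "read")]),
    (ROAMING, None, [("dnattr=owner", "write")]),
    (None, "userPassword", [("self", "write"), ("*", "none")]),
]
# Order recommended in the reply: userPassword, dnattr rule, catch-all last.
REORDERED = [ORIGINAL[2], ORIGINAL[1], ORIGINAL[0]]

def who_matches(who, requester, entry_dn, entry):
    if who == "*":
        return True
    if who == "self":
        return requester == entry_dn
    if who.startswith("dnattr="):
        return requester in entry.get(who.split("=", 1)[1], [])
    return False

def evaluate(rules, requester, entry_dn, entry, attr):
    """Return (index of the rule chosen, level granted), first match wins."""
    for i, (dn_re, rule_attr, by_clauses) in enumerate(rules):
        if dn_re and not re.search(dn_re, entry_dn):
            continue
        if rule_attr and rule_attr != attr:
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, entry_dn, entry):
                return i, level
        return i, "none"  # rule selected but no "by" clause matched
    return None, "none"

def allowed(rules, requester, entry_dn, entry, attr, wanted):
    granted = evaluate(rules, requester, entry_dn, entry, attr)[1]
    return LEVELS[granted] >= LEVELS[wanted]

# Constructed sample data (not from the original post).
USER = "uid=jdoe,ou=People,dc=cdx,dc=org"
PROFILE_DN = "cn=jdoe,ou=Roaming,dc=cdx,dc=org"
PROFILE = {"owner": [USER]}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, evaluate(rules, USER, PROFILE_DN, PROFILE, "description"))
```

In the reordered list the Roaming rule has no `by *` clause, so a requester who is not the owner is left with no access to those entries, read included.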