
ACL



Hello,

I'm new to OpenLDAP. I've set it up for an address book
(mozilla/evolution), and this works fine, except for the access list.

I want to permit writes from any computer in the domain ".many.be" (we
use an internal DNS server). I have added these lines to slapd.conf:


access to dn=".*,ou=Addressbook,dc=many,dc=be" attrs="*"
	by domain=.*\.many\.be write


But this doesn't work; the logs (in debug 128) say:

Jun  7 10:43:54 sugar slapd[1280]: => access_allowed: write access to
"cn=Nicolas Brainez,ou=Addressbook,dc=many,dc=be" "title" requested 
Jun  7 10:43:54 sugar slapd[1280]: => acl_get: [1] check attr title 
Jun  7 10:43:54 sugar slapd[1280]: <= acl_get: [1] acl cn=Nicolas
Brainez,ou=Addressbook,dc=many,dc=be attr: title 
Jun  7 10:43:54 sugar slapd[1280]: => acl_mask: access to entry
"cn=Nicolas Brainez,ou=Addressbook,dc=many,dc=be", attr "title"
requested 
Jun  7 10:43:54 sugar slapd[1280]: => acl_mask: to all values by "",
(=n)  
Jun  7 10:43:54 sugar slapd[1280]: <= check a_dn_pat:
cn=admin,dc=many,dc=be 
Jun  7 10:43:54 sugar slapd[1280]: <= check a_dn_pat: * 
Jun  7 10:43:54 sugar slapd[1280]: <= acl_mask: [2] applying read
(=rscx) (stop) 
Jun  7 10:43:54 sugar slapd[1280]: <= acl_mask: [2] mask: read (=rscx) 
Jun  7 10:43:54 sugar slapd[1280]: => access_allowed: write access
denied by read (=rscx) 


Any tips?

--
Nicolas Brainez
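
A small parser for the ACL debug output quoted in the message above, added here as an example (it is not part of the original post). It rejoins mail-wrapped log lines and reports, per access check, which "by" patterns slapd logged as tested and which level was applied. The function names and the sample DNs are constructed, and treating every a_*_pat line like the a_dn_pat lines shown above is an assumption.

```python
import re

# Constructed sample: slapd ACL debug lines in the format shown in the post,
# hard-wrapped the way a mail client wraps them.
SAMPLE = """\
Jun  7 10:43:54 sugar slapd[1280]: => access_allowed: write access to
"cn=Test User,ou=Addressbook,dc=example,dc=org" "title" requested
Jun  7 10:43:54 sugar slapd[1280]: => acl_get: [1] check attr title
Jun  7 10:43:54 sugar slapd[1280]: <= check a_dn_pat:
cn=admin,dc=example,dc=org
Jun  7 10:43:54 sugar slapd[1280]: <= check a_dn_pat: *
Jun  7 10:43:54 sugar slapd[1280]: <= acl_mask: [2] applying read
(=rscx) (stop)
Jun  7 10:43:54 sugar slapd[1280]: => access_allowed: write access
denied by read (=rscx)
"""
# Syslog prefix: month, day, time, host, "slapd[pid]: "
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ slapd\[\d+\]: ")

def unwrap(text):
    """Rejoin wrapped continuation lines and strip the syslog prefix."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = STAMP.match(line)
        if m:
            records.append(line[m.end():])
        elif line and records:
            records[-1] += " " + line   # continuation of the previous record
    return records

def summarize(text):
    """One dict per access check: request, patterns tried, level applied, result."""
    checks, cur = [], None
    for rec in unwrap(text):
        m = re.match(r'=> access_allowed: (\w+) access to "(.*)" "(.*)" requested', rec)
        if m:
            cur = {"want": m[1], "entry": m[2], "attr": m[3], "tried": [],
                   "clause": None, "granted": None, "result": None}
            checks.append(cur)
        elif cur is None:
            continue                    # lines before the first request
        elif m := re.match(r"<= check a_(\w+?)_pat: (.*)", rec):
            cur["tried"].append((m[1], m[2]))   # (pattern kind, pattern)
        elif m := re.match(r"<= acl_mask: \[(\d+)\] applying (\w+)", rec):
            cur["clause"], cur["granted"] = int(m[1]), m[2]
        elif m := re.match(r"=> access_allowed: \w+ access (granted|denied)", rec):
            cur["result"] = m[1]
    return checks
```

A "by" pattern that never shows up in `tried` was not logged as evaluated for that request, so the level in `granted` came from another clause.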