Re: slapd and permissions

Jernej Kos wrote:

Well, I am using OpenLDAP version 2.1.26, now I have even added ".regex" where needed. But it still doesn't work :( Users still don't have write access to their objects inside "Domains".

Now it looks like this and should be 2.1 and 2.2 compatible :P.
access to dn.regex="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org"
    by dn="cn=root,dc=unimatrix-one,dc=org" write
    by dn="cn=borgd,dc=unimatrix-one,dc=org" write
    by dn.regex="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
    by * read

OK. Now you should specify what kind of write access you need and you don't get
with this ACL. In slapd.access(5) of 2.2 you'll find a clear description of the
access level you need to each portion of an entry for each operation. You should
also indicate what identity you're using; you could look at logging with level 16 (ACL)
to see where in the ACL check your access fails.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
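
Added example (not part of the original messages, and not slapd's own code): a simplified Python model of how the "by" clauses of the ACL quoted above are tried in order, including the $1 substitution, so the clause that decides for a given identity can be compared with what the ACL log reports. It assumes DNs are already normalized, treats the unstyled dn= clauses as exact matches, and uses constructed sample DNs.

```python
import re

SUFFIX = "dc=unimatrix-one,dc=org"
# The ACL from the post: target regex, then ordered (style, pattern, level).
TARGET = f"ou=Domains,uid=(.*),ou=Drones,{SUFFIX}"
BY = [
    ("exact", f"cn=root,{SUFFIX}", "write"),   # unstyled dn=: exact (assumption)
    ("exact", f"cn=borgd,{SUFFIX}", "write"),
    ("regex", f"uid=$1,ou=Drones,{SUFFIX}", "write"),
    ("any", "*", "read"),
]

def expand(pattern, groups):
    """Substitute $1..$9 with the submatches captured from the target DN."""
    return re.sub(r"\$(\d)", lambda m: groups[int(m.group(1)) - 1], pattern)

def check(entry_dn, bound_dn):
    """Return (clause_number, level) for the first matching by clause,
    or None when this ACL does not select entry_dn at all."""
    # The patterns are unanchored as written in the post, so search, not fullmatch.
    target = re.search(TARGET, entry_dn, re.IGNORECASE)
    if target is None:
        return None
    for number, (style, pattern, level) in enumerate(BY, start=1):
        if style == "any":
            return number, level
        if style == "exact" and bound_dn.lower() == pattern.lower():
            return number, level
        if style == "regex" and re.search(
                expand(pattern, target.groups()), bound_dn, re.IGNORECASE):
            return number, level
    return None

if __name__ == "__main__":
    # Constructed sample DNs, not taken from the thread.
    entry = f"cn=example.org,ou=Domains,uid=alice,ou=Drones,{SUFFIX}"
    for who in (f"uid=alice,ou=Drones,{SUFFIX}",
                f"uid=bob,ou=Drones,{SUFFIX}",
                f"cn=root,{SUFFIX}"):
        print(who, "->", check(entry, who))
    # The user's own entry is outside this ACL's target: prints None.
    print(check(f"uid=alice,ou=Drones,{SUFFIX}", f"uid=alice,ou=Drones,{SUFFIX}"))
```

A None result means the entry is not selected by this access directive, so another directive in slapd.conf decides the outcome.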