
Quick ACL help

I am having a bit of trouble getting an ACL set correctly and could use an extra set of eyes to look at this and help me debug what the problem is. ACLs are not my strong point and I am in a jam with this today. Thanks.

Here is the -d 128 debugging output from slapd...

=> access_allowed: write access to "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" "children" requested
=> dn: [2] dc=cis,dc=uab,dc=edu
=> acl_get: [2] matched
=> acl_get: [2] attr children
=> acl_mask: access to entry "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=fran,ou=people,dc=cis,dc=uab,dc=edu", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=oxadmin,ou=people,dc=cis,dc=uab,dc=edu
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by read(=rscx)

...and here are the ACL entries that should govern write access to this area of the LDAP hierarchy...

access to dn.regex="^ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$" attrs=children
    by dn.exact,expand="$1" write
    by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write

access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$" attrs=entry
    by dn.exact,expand="$2" write
    by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write

access to *
    by self write
    by * read

Can anyone see anything obvious as to why I am getting denied write access?


-- 
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
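To work out which of the three posted rules slapd should pick for the request in the trace, here is an added example (not part of the original post, and not slapd's own code): a small Python evaluator that applies the posted rules the way slapd does, the first rule whose <what> covers the target DN and attribute wins, and inside it the first matching <by> clause decides the access level. A dn.regex is matched case-insensitively against a lower-cased DN and $N in a dn.exact,expand clause is replaced by the regex captures. The DN normalization, treating the unstyled by dn="..." clause as an exact comparison, and the requests by a constructed user uid=bob are assumptions of this example.

```python
import re

# slapd access levels, weakest to strongest; a granted level satisfies any
# request at or below it (the "read(=rscx)" in the trace is the read level).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def normalize_dn(dn):
    """Approximation of slapd DN normalization (assumption of this example):
    lower-case the DN and strip whitespace around the commas between RDNs."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


# The three rules from the posted slapd.conf fragment, in file order.
# Each <by> clause is (who, value, level); slapd stops at the first <by>
# clause that matches the bound DN (the default "stop" control).
ACLS = [
    {"dn_regex": r"^ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$",
     "attrs": {"children"},
     "by": [("dn.exact,expand", "$1", "write"),
            ("dn", "uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu", "write")]},
    {"dn_regex": r"^uid=([^,]+),ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$",
     "attrs": {"entry"},
     "by": [("dn.exact,expand", "$2", "write"),
            ("dn", "uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu", "write")]},
    {"dn_regex": None, "attrs": None,
     "by": [("self", None, "write"), ("*", None, "read")]},
]


def expand(pattern, match):
    """Replace $1..$9 in an ",expand" value with the <what> regex captures."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), pattern)


def who_matches(who, value, bound_ndn, target_ndn, match):
    if who == "*":
        return True
    if who == "self":                      # the bound DN is the entry itself
        return bound_ndn == target_ndn
    if who == "dn":                        # unstyled dn=: exact comparison here (assumption)
        return bound_ndn == normalize_dn(value)
    if who == "dn.exact,expand":
        return bound_ndn == normalize_dn(expand(value, match))
    raise ValueError("unsupported <who> form: " + who)


def evaluate(acls, target_dn, attr, bound_dn):
    """Return (rule_number, who, level) for the first rule whose <what> covers
    target_dn/attr, numbered like slapd's "[n]"; who is None when the rule
    matched but none of its <by> clauses did, in which case access is "none"."""
    target_ndn = normalize_dn(target_dn)
    bound_ndn = normalize_dn(bound_dn)
    for number, acl in enumerate(acls, start=1):
        match = None
        if acl["dn_regex"] is not None:
            # assumed to mirror slapd: case-insensitive regex over the normalized DN
            match = re.match(acl["dn_regex"], target_ndn, re.IGNORECASE)
            if match is None:
                continue
        if acl["attrs"] is not None and attr not in acl["attrs"]:
            continue
        for who, value, level in acl["by"]:
            if who_matches(who, value, bound_ndn, target_ndn, match):
                return number, who, level
        return number, None, "none"        # <what> matched, no <by> clause did
    return None, None, "none"


def access_allowed(acls, target_dn, attr, bound_dn, requested):
    _, _, level = evaluate(acls, target_dn, attr, bound_dn)
    return LEVELS.index(level) >= LEVELS.index(requested)


if __name__ == "__main__":
    fran = "uid=fran,ou=People,dc=cis,dc=uab,dc=edu"
    addr = "ou=addr," + fran
    # The request from the trace: fran adding an entry under her own ou=addr.
    print(evaluate(ACLS, addr, "children", fran),
          access_allowed(ACLS, addr, "children", fran, "write"))
    # The same request if only the catch-all rule were in force: "self" does not
    # match because ou=addr,... is not fran's own entry, so "* read" applies.
    print(evaluate(ACLS[2:], addr, "children", fran))
```

Run against the request in the trace, the first rule matches and its expanded $1 clause grants write, which is what the poster expects; only the catch-all on its own reproduces the trace's "write access denied by read". Note that the trace reports rule [2] as a plain dn pattern on the suffix dc=cis,dc=uab,dc=edu and rule [3] with a uid=oxadmin clause, and neither corresponds to the rules posted, so a first check is whether the slapd.conf that slapd loaded is the one shown. The constructed uid=bob request also shows the other property worth knowing: once a regex rule's <what> matches, evaluation stops there even if no <by> clause matches, so anyone other than fran or oxadmin gets no access to ou=addr children at all, not even the read the catch-all would otherwise give. With OpenLDAP 2.2 or later, slapacl(8) (for example slapacl -f slapd.conf -D "uid=fran,ou=People,dc=cis,dc=uab,dc=edu" -b "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" children/write) asks the real ACL engine the same question without a running slapd.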