dnattr



Regarding my ACL problem, I have tried to solve it by using this ACL:

# Access to groups addressbooks

# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
        attrs=entry
        by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
        by dn.regex="cn=admin,dc=graylion,dc=net" write
        by users none

# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...


access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
        attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
        by dnattr=memberUid write
#       by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
        by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
        attrs=children
        by dnattr=memberUid write
#       by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
        by users none


the group looks like this:

dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
cn: GraylionEnterprises
gidNumber: 7
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: ...
objectClass: top
objectClass: posixGroup

and on restarting slapd I get:

Starting OpenLDAP: running BDB recovery, slapd - failed:
/usr/share/egroupware/addressbook/doc/acl_addressbook.conf: line 37: dnattr "memberUid": inappropriate syntax: 1.3.6.1.4.1.1466.115.121.1.26


thanks

Bernhard
--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net
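
The startup error above names syntax OID 1.3.6.1.4.1.1466.115.121.1.26 (IA5 String) for memberUid, while slapd only accepts a dnattr attribute whose syntax is Distinguished Name or Name And Optional UID. The following is an added example, not part of the original post or of OpenLDAP: a pre-restart check that flags such clauses in ACL text. The function name check_dnattr, the hand-written attribute table and the sample text (adapted from the ACL in the post, with a constructed second rule) are assumptions.

```python
import re

# Syntax OIDs as published in the standard core and NIS schemas.
DN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.12"        # Distinguished Name
NAME_UID_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.34"  # Name And Optional UID
IA5_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.26"       # IA5 String

# Assumption: a small hand-written subset; extend it from your own schema files.
ATTR_SYNTAX = {
    "member": DN_SYNTAX,
    "owner": DN_SYNTAX,
    "uniquemember": NAME_UID_SYNTAX,
    "memberuid": IA5_SYNTAX,
}

DNATTR_RE = re.compile(r"\bby\s+dnattr=(\S+)", re.IGNORECASE)

def check_dnattr(conf_text):
    """Return (line_no, attr, syntax_oid) for every dnattr clause whose
    attribute is not DN-valued. syntax_oid is None for unknown attributes."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):      # commented-out clauses are ignored
            continue
        match = DNATTR_RE.search(stripped)
        if not match:
            continue
        attr = match.group(1).strip('"')
        oid = ATTR_SYNTAX.get(attr.lower())
        if oid not in (DN_SYNTAX, NAME_UID_SYNTAX):
            findings.append((line_no, attr, oid))
    return findings

# Constructed sample: first rule adapted from the post, second rule invented.
SAMPLE = '''\
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
        attrs=children
        by dnattr=memberUid write
#       by dnattr=owner write
        by users none
access to dn.subtree="ou=example,dc=graylion,dc=net"
        by dnattr=member write
'''

if __name__ == "__main__":
    for line_no, attr, oid in check_dnattr(SAMPLE):
        print(f"line {line_no}: dnattr {attr!r} has non-DN syntax {oid}")
```

Line numbers are physical lines of the text passed in, so they may differ from the line slapd reports for an included file.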