[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: read ACL working but write ACL not



JOYDEEP <j.bakshi@unlimitedmail.org> writes:

> Dear list,
>
> Please see below my LDAP structure

[...]
>
> *################ personal ACL #######################
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>   by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" 
> read
>   by * none
>
> access to
> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>   by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>   by * none
> #################################################
>
> the log reports ****tag=105 err=50 text=no write access to parent**********
> could any one suggest how to solve the problem ?
> thanks

Allow access to the pseudo attributs entry and children of the parent.

access to
 dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain.....
 attrs=entry,children,@someObjectClass
 by ...

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6