
Re: read ACL working but write ACL not



<quote who="JOYDEEP">
> Dieter Kluenter wrote:
>> JOYDEEP <j.bakshi@unlimitedmail.org> writes:
>>
>>
>>> Dear list,
>>>
>>> Please see below my LDAP structure
>>>
>>
>> [...]
>>
>>> *################ personal ACL #######################
>>> access to
>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>>>   by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"
>>> read
>>>   by * none
>>>
>>> access to
>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$"
>>>   by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>>>   by * none
>>> #################################################
>>>
>>> the log reports ****tag=105 err=50 text=no write access to
>>> parent**********
>>> could any one suggest how to solve the problem ?
>>> thanks
>>>
>>
>> Allow access to the pseudo attributes entry and children of the parent.
>>
>> access to
>>  dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain.....
>>  attrs=entry,children,@someObjectClass
>>  by ...
>>
>> -Dieter
>>
>>
> Thanks Dieter for your response,
>
> I have modified the ACL according to your suggestion and it is
>
> access to
> dn.regex="^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>
> attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
>    by
> dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"  write
>    by * none
>
> but still I have the same problem and the log reports as
>
> conn=40 op=2 ADD
> dn="uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
> Jul  9 08:00:53 lvps87-230-8-228 slapd[14106]: conn=40 op=2 RESULT
> tag=105 err=50 text=no write access to parent
>
> Please help me to solve it. Thanks a lot for your help.


In the above, there is only one set of (), so your domain is going inside
$1, and nothing is saved in $2.

I would put it back to (still using the new attrs section by Dieter):

access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
    attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
    by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write
    by * none
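
The capture-group point above, as an added Python illustration that is not part of the thread: it matches each target pattern against the parent of the DN from the log and expands $1/$2 into the "by" DN. Python's re stands in for slapd's regex matching, the patterns use the container path as it appears in the logged DN, and treating an unset $N as matching no identity is an assumption.

```python
import re

# DN of the rejected ADD, copied from the slapd log line quoted in the thread.
ADDED_DN = ("uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,"
            "ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,"
            "dc=suse,dc=ldap")
# Target patterns from the thread, written with the container path of that DN.
ONE_GROUP = ("^ou=personal,ou=contacts,ou=contacts,"
             "virtualDomain=([^,]+),dc=suse,dc=ldap$")
TWO_GROUPS = ("cn=([^,]+),ou=personal,ou=contacts,ou=contacts,"
              "virtualDomain=([^,]+),dc=suse,dc=ldap$")
WHO = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"


def parent_dn(dn):
    """Drop the leftmost RDN (naive split; assumes no escaped commas)."""
    return dn.split(",", 1)[1]


def expand_who(target_regex, target_dn, who_template):
    """Expand $N in the 'by' DN from the target match; None if impossible."""
    m = re.search(target_regex, target_dn, re.IGNORECASE)
    if m is None:
        return None  # the access rule does not cover this entry at all

    def fill(ref):
        n = int(ref.group(1))
        if n > m.re.groups:
            raise LookupError(n)  # $N has no capture group behind it
        return m.group(n)

    try:
        return re.sub(r"\$(\d)", fill, who_template)
    except LookupError:
        return None  # assumption: an unset $N can match no identity


def report():
    """Who may write where, for the parent of the ADD and for its container."""
    parent = parent_dn(ADDED_DN)     # cn=bisu,ou=personal,...
    container = parent_dn(parent)    # ou=personal,ou=contacts,...
    return {
        "one_group/parent": expand_who(ONE_GROUP, parent, WHO),
        "one_group/container": expand_who(ONE_GROUP, container, WHO),
        "two_groups/parent": expand_who(TWO_GROUPS, parent, WHO),
    }


if __name__ == "__main__":
    for case, who in report().items():
        print(f"{case}: {who}")
```

With the single-group pattern no writer DN can be derived for either entry; with two groups the parent cn=bisu entry maps to uid=bisu in the same virtualDomain.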