[Date Prev][Date Next] [Chronological] [Thread] [Top]

Again ACL problems

I have a problem by configuring access to an shared address book.

Users and groups are defined in following structure:

 |           |----cn=adressbookentry1
 |           |----cn=adressbookentry2
 |           |----......
 |           |----cn=group1
 |           |----cn=abook_rw
 |           |----cn=abook_ro
 |           |----........
 |           |----uid=user1(member of group "abook_rw")
 |           |----uid=user2(member of group "abook_ro")
 |           |----.........

Now users of group "abook_rw" should be able to write/edit an entry into "ou=abook", but members of "abook_ro" should have read-only access.
I tried this "slapd.conf" config entry:

access to dn.subtree="ou=abook,dc=mycompany,dc=org"
             by group="cn=abook_rw,dc=mycompany,dc=org" write
             by group="cn=abook_ro,dc=mycompany,dc=org" read

But only "ldaproot" can access "ou=abook" by using ldap- client software (KAdressbook, LDAP- Editor)! What is wrong?

Mit freundlichen GrÃÃen

Sebastian Reinhardt