
Re: Again ACL problems



On Thursday, 10 July 2008, Sebastian Reinhardt wrote:
> I have a problem configuring access to a shared address book.
>
> Users and groups are defined in the following structure:
>
> dc=mycompany,dc=org
>
>   |--ou=abook
>   |
>   |           |----cn=adressbookentry1
>   |           |----cn=adressbookentry2
>   |           |----......
>   |
>   |--ou=groups
>   |
>   |           |----cn=group1
>   |           |----cn=abook_rw
>   |           |----cn=abook_ro
>   |           |----........
>   |
>   |--ou=users
>   |
>   |           |----uid=user1(member of group "abook_rw")
>   |           |----uid=user2(member of group "abook_ro")
>   |           |----.........
>
> Now users of group "abook_rw" should be able to write/edit an entry into
> "ou=abook", but members of "abook_ro" should have read-only access.
> I tried this "slapd.conf" config entry:
>
> access to dn.subtree="ou=abook,dc=mycompany,dc=org"
>               by group="cn=abook_rw,dc=mycompany,dc=org" write
>               by group="cn=abook_ro,dc=mycompany,dc=org" read

Your group DNs seem to be wrong. Shouldn't that be:

access to dn.subtree="ou=abook,dc=mycompany,dc=org"
               by group="cn=abook_rw,ou=groups,dc=mycompany,dc=org" write
               by group="cn=abook_ro,ou=groups,dc=mycompany,dc=org" read

--
Mateusz
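
An added example, not part of the original thread or of OpenLDAP: a small Python check for the mistake pointed out above, listing `by group=` clauses whose DN names no entry in the directory and suggesting existing entries with the same leading RDN. The DN list is constructed from the tree in the question, and `lint_group_acls`, `normalize_dn` and `first_rdn` are hypothetical helper names.

```python
import re

# slapd.access(5) form: by group[/objectclass[/attr]][.style]=<dn>
GROUP_CLAUSE = re.compile(r'\bby\s+group(?:/[\w;-]+){0,2}(?:\.(\w+))?=(?:"([^"]*)"|(\S+))')

def normalize_dn(dn):
    """Simplified normalization: trim spaces around RDNs and '=', lower-case."""
    rdns = re.split(r'(?<!\\),', dn)
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def first_rdn(norm_dn):
    """Leading RDN of an already normalized DN (escaped commas respected)."""
    return re.split(r'(?<!\\),', norm_dn, maxsplit=1)[0]

def lint_group_acls(conf_text, directory_dns):
    """Return (acl_dn, candidates) for every group clause whose DN names no entry.
    candidates: existing entries with the same leading RDN, the likely intended
    group when a container such as ou=groups was left out of the DN."""
    known = {normalize_dn(d): d for d in directory_dns}
    findings = []
    for style, quoted, bare in GROUP_CLAUSE.findall(conf_text):
        if style == "expand":  # DN contains $N substitutions, not checkable statically
            continue
        dn = quoted or bare
        norm = normalize_dn(dn)
        if norm not in known:
            rdn = first_rdn(norm)
            findings.append((dn, [o for n, o in known.items() if first_rdn(n) == rdn]))
    return findings

BASE = "dc=mycompany,dc=org"
# Constructed from the tree in the question, as a DN-only export of the directory.
DIRECTORY_DNS = [BASE, f"ou=abook,{BASE}", f"ou=groups,{BASE}", f"ou=users,{BASE}",
                 f"cn=group1,ou=groups,{BASE}", f"cn=abook_rw,ou=groups,{BASE}",
                 f"cn=abook_ro,ou=groups,{BASE}", f"uid=user1,ou=users,{BASE}",
                 f"uid=user2,ou=users,{BASE}"]
QUESTION_ACL = '''access to dn.subtree="ou=abook,dc=mycompany,dc=org"
              by group="cn=abook_rw,dc=mycompany,dc=org" write
              by group="cn=abook_ro,dc=mycompany,dc=org" read
'''
REPLY_ACL = '''access to dn.subtree="ou=abook,dc=mycompany,dc=org"
               by group="cn=abook_rw,ou=groups,dc=mycompany,dc=org" write
               by group="cn=abook_ro,ou=groups,dc=mycompany,dc=org" read
'''

if __name__ == "__main__":
    for dn, candidates in lint_group_acls(QUESTION_ACL, DIRECTORY_DNS):
        print(f"no such entry: {dn}; did you mean: {candidates}")
```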


