
Re: ACL Problem



Does an ACL rule in front of the rule prohibit the access to the specified rule?

suomi

On 2011-12-20 09:55, Selcuk Yazar wrote:
Hi,

I want LDAP users to be able to change their password.

sample user dn is
mail=edergi@.....mail......edu.tr,ou=SOME_UNIT,jvd=.....mail.......edu.tr,o=hosting

and we have acl rules in slapd.conf

access to dn.regex=".*,ou=.*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
         attrs=userPassword
         by self write
         by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
         by * auth
         by * none

access to dn.regex=".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
         by self write
         by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
         by * read

access to *
         by * read

I applied various rules from the OpenLDAP documentation, but none of them works.
Why can't users change their password?

thanks in advance





--
Selçuk YAZAR
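
A simplified model of slapd's documented first-match ACL evaluation, applied to the three directives quoted above and to a reordered copy of them (an added example, not part of the original thread and not OpenLDAP code). The `evaluate` helper, the `example.test` DNs and the group-membership dict are constructed assumptions; `stop`/`continue`/`break` controls and DN normalization are not modelled.

```python
import re

SUFFIX = "o=hosting,dc=myhosting,dc=example"
GROUP_DN = "cn=postmaster,jvd=$1," + SUFFIX  # group template from the post

# (what-regex, attrs or None for all attributes, ordered "by" clauses)
RULES = [
    (r".*,ou=.*,jvd=([^,]+)," + SUFFIX, {"userpassword"},
     [("self", "write"), ("group", "write"), ("*", "auth"), ("*", "none")]),
    (r".*jvd=([^,]+)," + SUFFIX, None,
     [("self", "write"), ("group", "write"), ("*", "read")]),
    (r".*", None, [("*", "read")]),  # access to *
]

def evaluate(rules, bind_dn, entry_dn, attr, groups):
    """Return (rule number, who, level) under first-match semantics.

    bind_dn is None for an anonymous client. groups maps a group DN to a
    set of member DNs and stands in for the roleOccupant lookup.
    """
    for number, (pattern, attrs, clauses) in enumerate(rules, start=1):
        m = re.search(pattern, entry_dn, re.IGNORECASE)
        if not m or (attrs is not None and attr.lower() not in attrs):
            continue  # <what> does not match, try the next directive
        for who, level in clauses:
            if who == "*":
                hit = True
            elif who == "self":
                hit = bind_dn is not None and bind_dn.lower() == entry_dn.lower()
            else:  # group clause: $1 becomes the captured jvd value
                members = groups.get(GROUP_DN.replace("$1", m.group(1)), set())
                hit = bind_dn in members
            if hit:
                return number, who, level  # first matching <who> wins
        return number, "*", "none"  # implicit trailing "by * none"
    return 0, "*", "none"  # no directive matched

# Constructed sample data (not from the thread)
BASE = ",ou=SOME_UNIT,jvd=example.test," + SUFFIX
USER = "mail=user@example.test" + BASE
ADMIN = "mail=admin@example.test" + BASE
GROUPS = {"cn=postmaster,jvd=example.test," + SUFFIX: {ADMIN}}
# Same directives with "access to *" moved to the front
SHADOWED = [RULES[2], RULES[0], RULES[1]]

if __name__ == "__main__":
    for label, rules in (("as posted", RULES), ("reordered", SHADOWED)):
        print(label, evaluate(rules, USER, USER, "userPassword", GROUPS))
```

In this model the directives in posted order let a self bind reach `by self write` on `userPassword`, while the reordered copy stops at `by * read` in the catch-all directive and never consults the password rule.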