
Re: This ACL doesn't work



>>> Fulvio Parnigoni <fparnigoni@videosoft.biz> wrote on 28.07.2014 at 12:09 in
message <53D62155.2090604@videosoft.biz>:
> Hi all,
> - Debian Wheezy
> - Openldap 2.4.31
> 
> I want a group (mk_group) to be able to write to the addressbook:
> 
> ~# ldapsearch -xLLL cn=mk_group
> 
> dn: cn=mk_group,ou=Groups,dc=csr,dc=ld
> gidNumber: 1001
> cn: mk_group
> objectClass: top
> objectClass: posixGroup
> memberUid: fulvio
> memberUid: pinco
> memberUid: pallino
> memberUid: ciccio

Did you try using DN syntax for the memberUIDs? The definition says member is a DN...

> 
> Every memberUid exists in the branch ou=Users
> 
> ~# ldapsearch -xLLL ou=addressbook
> 
> dn: ou=addressbook,dc=csr,dc=ld
> ou: addressbook
> objectClass: organizationalUnit
> objectClass: top
> 
> The branch ou=addressbook is populated.
> 
> In olcDatabase={1}hdb.ldif configuration file I have this row:
> ...
> olcAccess: {0}to dn.subtree="ou=addressbook,dc=csr,dc=ld" by 
> set="[cn=mk_group
>   ,ou=Groups,dc=csr,dc=ld]/memberUid & user/uid" write by user read
> ....
> 
> If I try to write in the addressbook, I get this message:
> .....
> ldap_modify: Insufficient access (50)
> 
> What is wrong?
> 
> Many thanks.
> fulvio