Hi,
JOYDEEP j.bakshi@unlimitedmail.org writes:
Dieter Kluenter wrote:
JOYDEEP j.bakshi@unlimitedmail.org writes:
Gavin Henry wrote:
<quote who="JOYDEEP">
Dieter Kluenter wrote:
Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 ADD dn="uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap" Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 RESULT tag=105 err=50 text=no write access to parent
I'v also tried with dn.regex="^cn=([^,]+),ou=personal,ou....................... but with the same efect
Please set loglevel to ACL and check which access rule matches first.
-Dieter
OK Dieter, I have set loglevel 128
The ACL I have for read and write are
################ personal ACL ####################### ###################### read ####################### access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$" by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read by * none ######################## write ############################ access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
attr=children,entry,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write by users none
now If I try to add in addressbook it gives errors as
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: access to entry "cn=admin,ou=personal,ou=contacts,o u=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap", attr "children" requested Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: to all values by "uid=admin,ou=users,virtualDomain= kolkata.opendingo.com,dc=suse,dc=ldap", (=n) Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= check a_dn_pat: uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=l dap Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] applying read(=rscx) (stop) Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] mask: read(=rscx) Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => access_allowed: write access denied by read(=rscx)
From the log one can see that the first access rule is applied and no
further checking is done. Please put your access rules in the correct order.
-Dieter