Hi Dieter,Gavin and all,
I have mentioned in my last mail that I had ACL like
################ personal ACL ####################### ###################### read ####################### access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$" by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read by * none ######################## write ############################ access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
attr=children,entry,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write by users none
the problem if writing was it reports
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => access_allowed: write access denied by read(=rscx)
So I disabled the read ACL and the problem disappeared. I have a question here that why we need the read ACL at all more over thing is not so easy for Group ACL. If I follow the same technique for group ACL then though the group has no delete option it can delete the entries easily. how can I fix this problem. thanks so far for giving me the helpful suggestions; thans a lot