Regarding my ACL problem, I have tried to solve it by using this ACL:
# Access to groups addressbooks
# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=entry
    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
    by dn.regex="cn=admin,dc=graylion,dc=net" write
    by users none

# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
    by dnattr=memberUid write
#    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
    by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=children
    by dnattr=memberUid write
#    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
    by users none
the group looks like this:
dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
cn: GraylionEnterprises
gidNumber: 7
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: ...
objectClass: top
objectClass: posixGroup
and on restarting slapd I get:
Starting OpenLDAP: running BDB recovery, slapd - failed: /usr/share/egroupware/addressbook/doc/acl_addressbook.conf: line 37: dnattr "memberUid": inappropriate syntax: 1.3.6.1.4.1.1466.115.121.1.26
Thanks,
Bernhard
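As an added example (not part of Bernhard's post): slapd rejects a dnattr= clause at startup unless the named attribute has DN syntax (1.3.6.1.4.1.1466.115.121.1.12) or NameAndOptionalUID syntax (1.3.6.1.4.1.1466.115.121.1.34), and the OID in the error above, 1.3.6.1.4.1.1466.115.121.1.26, is IA5String, the syntax of posixGroup's memberUid. The script below reproduces that check offline over a constructed ACL fragment and a constructed schema excerpt, so an ACL file can be linted before restarting slapd; the attribute-to-syntax table is a hand-written excerpt, not read from a live schema.

```python
import re

# Syntax OIDs from RFC 4517 (constructed schema excerpt for this check).
DN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.12"       # DN
NAMEUID_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.34"  # NameAndOptionalUID
IA5_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.26"      # IA5String

# Attribute -> syntax, as defined in OpenLDAP's core and nis schemas.
SCHEMA = {
    "member": DN_SYNTAX,             # groupOfNames
    "uniqueMember": NAMEUID_SYNTAX,  # groupOfUniqueNames
    "owner": DN_SYNTAX,
    "memberUid": IA5_SYNTAX,         # posixGroup: plain uid strings, not DNs
}

# dnattr=<attr> inside a "by" clause; a quoted attribute name is also accepted.
DNATTR_RE = re.compile(r'\bdnattr="?([A-Za-z][\w;-]*)"?')


def check_dnattr_clauses(acl_text):
    """Return [(line_no, attr, syntax_oid)] for every dnattr= whose attribute
    lacks DN or NameAndOptionalUID syntax, i.e. what slapd refuses at startup
    with 'dnattr "...": inappropriate syntax'. Only whole-line '#' comments
    are skipped, matching slapd.conf parsing (a '#' mid-line is not a comment).
    An attribute missing from SCHEMA is reported with syntax None."""
    problems = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for attr in DNATTR_RE.findall(line):
            syntax = SCHEMA.get(attr)
            if syntax not in (DN_SYNTAX, NAMEUID_SYNTAX):
                problems.append((no, attr, syntax))
    return problems


# Constructed ACL fragment modelled on the addressbook rules in the post.
SAMPLE_ACL = """\
# members may write entries in their group addressbook
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=example,dc=com$" attrs=entry
    by dnattr=memberUid write
    by users none
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=example,dc=com$" attrs=children
    by dnattr=member write
    by users none
"""

if __name__ == "__main__":
    for no, attr, syntax in check_dnattr_clauses(SAMPLE_ACL):
        print(f"line {no}: dnattr {attr!r} has syntax {syntax}, not DN syntax")
```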