Hi folks
I am trying to get an ACL for an address book to work.
The relevant ACL statements are:
access to attrs=userPassword,userPKCS12 by dn="cn=admin,dc=graylion,dc=net" write by anonymous auth by self write by * none
access to dn.base="" by * read
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$" by dn="uid=$1,ou=users,dc=graylion,dc=net" write by dn.regex="cn=admin,dc=graylion,dc=net" read by users none
access to * by dn="cn=admin,dc=graylion,dc=net" write by * read
I have also tried using
by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" write
but in all cases I get (when I try to add something to my personal address book):
Apr 12 12:59:32 collab slapd[17093]: do_add
Apr 12 12:59:32 collab slapd[17093]: >>> dnPrettyNormal: <uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net>
Apr 12 12:59:32 collab slapd[17093]: <<< dnPrettyNormal: <uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net>, <uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net>
Apr 12 12:59:32 collab slapd[17093]: conn=72 op=2 ADD dn="uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net"
Apr 12 12:59:32 collab slapd[17093]: bdb_dn2entry("uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net")
Apr 12 12:59:32 collab slapd[17093]: => bdb_dn2id( "uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" )
Apr 12 12:59:32 collab slapd[17093]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Apr 12 12:59:32 collab slapd[17093]: bdb_referrals: op=104 target="uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" matched="cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net"
Apr 12 12:59:32 collab slapd[17093]: oc_check_required entry (uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net), objectClass "inetOrgPerson"
Apr 12 12:59:32 collab slapd[17093]: oc_check_required entry (uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net), objectClass "mozillaAbPersonAlpha"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "uid"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "objectClass"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "cn"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "givenName"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "sn"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "displayName"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "c"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "structuralObjectClass"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "entryUUID"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "creatorsName"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "createTimestamp"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "entryCSN"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "modifiersName"
Apr 12 12:59:32 collab slapd[17093]: oc_check_allowed type "modifyTimestamp"
Apr 12 12:59:32 collab slapd[17093]: bdb_dn2entry("uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net")
Apr 12 12:59:32 collab slapd[17093]: => bdb_dn2id( "uid=0430d7cb45d65818410b30ff9c9a130a,cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" )
Apr 12 12:59:32 collab slapd[17093]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Apr 12 12:59:32 collab slapd[17093]: => access_allowed: write access to "cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" "children" requested
Apr 12 12:59:32 collab slapd[17093]: => dn: [2]
Apr 12 12:59:32 collab slapd[17093]: => dnpat: [3] cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$ nsub: 1
Apr 12 12:59:32 collab slapd[17093]: => acl_get: [3] matched
Apr 12 12:59:32 collab slapd[17093]: => acl_get: [3] attr children
Apr 12 12:59:32 collab slapd[17093]: => acl_mask: access to entry "cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net", attr "children" requested
Apr 12 12:59:32 collab slapd[17093]: => acl_mask: to all values by "uid=graylion,ou=users,dc=graylion,dc=net", (=n)
Apr 12 12:59:32 collab slapd[17093]: <= acl_mask: no more <who> clauses, returning =n (stop)
Apr 12 12:59:32 collab slapd[17093]: => access_allowed: write access denied by =n
Apr 12 12:59:32 collab slapd[17093]: bdb_add: no write access to parent
Apr 12 12:59:32 collab slapd[17093]: send_ldap_result: conn=72 op=2 p=3
Apr 12 12:59:32 collab slapd[17093]: send_ldap_response: msgid=3 tag=105 err=50
Apr 12 12:59:32 collab slapd[17093]: conn=72 op=2 RESULT tag=105 err=50 text=no write access to parent
Now dnpat: [3] cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$ nsub: 1
seems to tell me that the regex gets matched correctly, but on the other hand it totally seems to not find
'by dn="uid=$1,ou=users,dc=graylion,dc=net" write'
I seem to be missing something obvious. What is it?
Thanks
Bernhard
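
An added example, not part of the original post: a small Python helper that reduces the ACL lines of the trace above to the access decision, then checks what the `uid=$1,...` clause would expand to for the matched entry. The function names are hypothetical, the trace excerpt is re-typed from the log in the post, and Python's `re` module stands in for slapd's regex matching as an assumption.

```python
import re

# Constructed sample: ACL-related lines copied from the trace in the post,
# with the syslog prefix removed.
TRACE = '''\
=> access_allowed: write access to "cn=graylion,ou=personal,ou=contacts,dc=graylion,dc=net" "children" requested
=> dnpat: [3] cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$ nsub: 1
=> acl_get: [3] matched
=> acl_mask: to all values by "uid=graylion,ou=users,dc=graylion,dc=net", (=n)
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: write access denied by =n
'''

# <who> clause of ACL [3] as written in the post.
WHO_TEMPLATE = "uid=$1,ou=users,dc=graylion,dc=net"


def summarise(trace):
    """Extract target, attribute, matched rule, bound DN, mask and result."""
    out = {}
    for line in trace.splitlines():
        if m := re.search(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested', line):
            out["level"], out["target"], out["attr"] = m.groups()
        elif m := re.search(r'dnpat: \[(\d+)\] (.+) nsub: \d+', line):
            out["rule"], out["pattern"] = int(m.group(1)), m.group(2)
        elif m := re.search(r'acl_mask: to all values by "([^"]*)", \((=\w*)\)', line):
            out["bound_dn"], out["mask"] = m.groups()
        elif m := re.search(r'access_allowed: \w+ access (granted|denied)', line):
            out["result"] = m.group(1)
    return out


def expand_who(pattern, target, template):
    """Apply the <what> regex to the target DN and substitute $N in <who>.

    Models the intended capture-and-substitute only; it is not slapd's code.
    """
    m = re.search(pattern, target)
    if m is None:
        return None
    return re.sub(r'\$(\d)', lambda s: m.group(int(s.group(1))), template)


if __name__ == "__main__":
    s = summarise(TRACE)
    expected = expand_who(s["pattern"], s["target"], WHO_TEMPLATE)
    print(s)
    print("expanded <who>:", expected, "| equals bound DN:", expected == s["bound_dn"])
```

The summary shows that the check is made against the parent entry's `children` pseudo-attribute under rule [3], and that the textual expansion of `$1` equals the bound DN even though the logged mask is `=n`.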