Dnia czwartek, 10 lipca 2008, Sebastian Reinhardt napisał:
I have a problem by configuring access to an shared address book.
Users and groups are defined in following structure:
dc=mycompany,dc=org
|--ou=abook | | |----cn=adressbookentry1 | |----cn=adressbookentry2 | |----...... | |--ou=groups | | |----cn=group1 | |----cn=abook_rw | |----cn=abook_ro | |----........ | |--ou=users | | |----uid=user1(member of group "abook_rw") | |----uid=user2(member of group "abook_ro") | |----.........
Now users of group "abook_rw" should be able to write/edit an entry into "ou=abook", but members of "abook_ro" should have read-only access. I tried this "slapd.conf" config entry:
access to dn.subtree="ou=abook,dc=mycompany,dc=org" by group="cn=abook_rw,dc=mycompany,dc=org" write by group="cn=abook_ro,dc=mycompany,dc=org" read
Your group DNs seem to be wrong. Shouldn't that be:
access to dn.subtree="ou=abook,dc=mycompany,dc=org" by group="cn=abook_rw,ou=groups,dc=mycompany,dc=org" write by group="cn=abook_ro,ou=groups,dc=mycompany,dc=org" read
-- Mateusz