On Mon, Jun 30, 2008 at 04:09:07PM -0700, david stackis wrote:
> My goal is to have each one of my users able to read/write to their own personal address book.
>
> ldapadd -D "cn=Elliott Smith,ou=users,dc=Company,dc=com" -f contact.ldif
> Enter bind password:
> adding new entry cn=Nick Drake,ou=addressbook,dc=Company,dc=com
> ldap_add: Insufficient access
> ldap_add: additional info: no write access to parent
>
> access to dn.regex="(.+,)?(uid=[^,]+,o=isc)$"
>         by dn.exact,expand="$2" write
>         by anonymous auth
It looks as if you have part of an ACL taken from some other system. It will not help you here, so I suggest you remove it.
You need to provide 'write' access to the whole subtree under ou=addressbook,dc=Company,dc=com so I suggest starting with this:
    # whole subtree, so the parent check on ou=addressbook is covered too
    access to dn.subtree="ou=addressbook,dc=Company,dc=com"
            by users write
            by * read
    access to *
            by * read
That will allow *any* authenticated user to do *anything* in your addressbooks tree. You can then refine it, perhaps by limiting which users can write:
    access to dn.subtree="ou=addressbook,dc=Company,dc=com"
            by dn.subtree="ou=users,dc=Company,dc=com" write
            by * read
    access to *
            by * read
Andrew
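The per-user variant that the original question actually asked for, as an added example; it is not part of Andrew's reply or of David's posted configuration. It assumes a DIT layout the thread never states: each user's personal address book is a subtree whose top entry is ou=<name>,ou=addressbook,dc=Company,dc=com, where <name> is the cn of that user's own entry under ou=users (so Elliott Smith's book would be ou=Elliott Smith,ou=addressbook,dc=Company,dc=com). The config path used in the check below is likewise an assumption.

```conf
# slapd.conf ACL fragment (added example; assumes the per-user layout
# described above, which the thread does not specify).
#
# Rules are tried in order: the first "access to" whose <what> matches
# the target entry is the one that applies, so this specific rule must
# come before "access to *". Within a rule the first matching "by"
# clause wins; if no "by" clause matches, access is denied.
#
# dn.regex is matched against the normalized DN, which slapd lowercases
# for case-insensitive attributes such as cn, ou and dc, so the pattern
# is written in lower case. $2 captures the book owner's name and is
# substituted into the "by" DN, which is then compared as a normalized
# DN, so case does not matter there.
access to dn.regex="^(.+,)?ou=([^,]+),ou=addressbook,dc=company,dc=com$"
        by dn.exact,expand="cn=$2,ou=users,dc=Company,dc=com" write
        by * none

# The shared container: authenticated users may read it so they can
# search down to their own book, but nobody gets write access here, so
# only the rootdn (which bypasses ACLs) can create or remove books.
access to dn.exact="ou=addressbook,dc=Company,dc=com"
        by users read
        by * none

# Everything else stays world-readable, as in the examples above.
access to *
        by * read
```

Check the rules with slapacl before restarting slapd. On a 2.3 or later server an add is authorised by write access to the parent entry's "children" pseudo-attribute, which is exactly the check that produced "no write access to parent" in the transcript above, so test that attribute on the parent of the entry you intend to add (the -u flag tells slapacl not to look the entry up in the database, which matters when it does not exist yet):

    slapacl -f /etc/openldap/slapd.conf -u \
        -D "cn=Elliott Smith,ou=users,dc=Company,dc=com" \
        -b "ou=Elliott Smith,ou=addressbook,dc=Company,dc=com" children/write

That should report write granted; repeating it with another user's -D should report no access, and running it against -b "ou=addressbook,dc=Company,dc=com" should report no write for anyone. With this layout the contact from the original ldapadd belongs under the user's own book, e.g. cn=Nick Drake,ou=Elliott Smith,ou=addressbook,dc=Company,dc=com, not directly under ou=addressbook.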