4:32 a.m.
Dear list,
I am really fade up and need your kind guidance to solve the problem.
I have OpenLDAP based addressbook. Users are located under
ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap
basedn of personal adresbook
ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap
I need such an ACL so that only owner can read his addressbook.
The ACL for this is
access to
dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
by users none
but all the users can see others personal addresbook. Kindly suggest
where I have done
mistake. thanks for your kind support
6:14 a.m.
JOYDEEP writes:
access to
dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
This matches a DN whose RDN is a 'cn', immediately below ou=personal,
but not subtrees below ou=personal nor RDNs that are not 'cn's. Is that
intentional?
by
dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
Try by dn.expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
by users none
There is an implicit 'by * none' at the end of each access statement, so
that line is not necessary. And I assume you want to stop anonymous
access as well, so it's not as if the 'by users' statement is very
informative.
--
Regards,
Hallvard
9:56 p.m.
Hallvard B Furuseth wrote:
JOYDEEP writes:
> access to
>
dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>
This matches a DN whose RDN is a 'cn', immediately below ou=personal,
but not subtrees below ou=personal nor RDNs that are not 'cn's. Is that
intentional?
Hi Hallvard,
thanks for your kind response. here is the address entry of an user bisu
*uid=96d587132dc79e9cb5acf0c007255008,cn=admin,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap*
at first I had ^cn=([^,]+) but then nothing can be seen. after changing
it to cn=([^,]+)
address entries are visible.
There was also a line like attrs=entry but after omitting it everything
is working. by the way what is the meaning of that entry ?
More over my present config can't prevent a user to see others personal
addressbook. how can I prevent this ?
thanks once again
> by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"
read
>
Try by dn.expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
> by users none
>
There is an implicit 'by * none' at the end of each access statement, so
that line is not necessary. And I assume you want to stop anonymous
access as well, so it's not as if the 'by users' statement is very
informative.
6:19 a.m.
<quote who="JOYDEEP">
Dear list,
I am really fade up and need your kind guidance to solve the problem.
I have OpenLDAP based addressbook. Users are located under
ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap
basedn of personal adresbook
ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap
I need such an ACL so that only owner can read his addressbook.
The ACL for this is
access to
dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
by dn.regex="uid=([^,]+),ou=users,virtualDomain=$2,dc=suse,dc=ldap"
read
by users none
but all the users can see others personal addresbook. Kindly suggest
where I have done
mistake. thanks for your kind support
Did you read http://www.openldap.org/faq/data/cache/1005.html
Gavin.
5521
days inactive
5522
days old
openldap-software@openldap.org
3 comments
3 participants
participants (3)
-
Gavin Henry -
Hallvard B Furuseth -
JOYDEEP