On 13-03-14 18:38, Quanah Gibson-Mount wrote:
> --On Thursday, March 13, 2014 4:12 PM +0100 Jonas Kellens <jonas.kellens@telenet.be> wrote:
>> What kind of adjustments are needed then?
>>
>> access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
>>     by group.exact="cn=admins,ou=101001,dc=mydomain" write
>>     by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read
>>
>> What of the above ACL-statement is incorrect?
>
> Is that your one and only ACL? I'm going to guess not. It's not
> particularly easy to evaluate ACLs out of context, since the
> entire thing is contextual.
>
> --Quanah

Well actually, this is the entire ACL:

database bdb
suffix "dc=mydomain"
rootdn "cn=Manager,dc=mydomain"
rootpw {SSHA}blCAG/CNdFPY597Cf4Ssujk
defaultaccess none

access to attrs=userPassword
    by * auth

access to dn.regex="ou=tbook[12345],ou=contacten,ou=101001,dc=mydomain" attrs=children
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by * none break

access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read

access to dn.one="ou=tbook2,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook2,ou=gebruikers,ou=101001,dc=mydomain" read

access to dn.one="ou=tbook3,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook3,ou=gebruikers,ou=101001,dc=mydomain" read

access to dn.one="ou=tbook4,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook4,ou=gebruikers,ou=101001,dc=mydomain" read

access to dn.one="ou=tbook5,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook5,ou=gebruikers,ou=101001,dc=mydomain" read

Do you see anything wrong?

As said before, works perfectly on OpenLDAP version 2.3.42.

Kind regards,
Jonas.