Gavin Henry wrote: > <quote who="JOYDEEP"> > >> Dieter Kluenter wrote: >> >>> JOYDEEP <[EMAIL PROTECTED]> writes: >>> >>> >>> >>>> Dear list, >>>> >>>> Please see below my LDAP structure >>>> >>>> >>> [...] >>> >>> >>>> *################ personal ACL ####################### >>>> access to >>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$" >>>> by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" >>>> read >>>> by * none >>>> >>>> access to >>>> dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$" >>>> by dn.regex="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write >>>> by * none >>>> ################################################# >>>> >>>> the log reports ****tag=105 err=50 text=no write access to >>>> parent********** >>>> could any one suggest how to solve the problem ? >>>> thanks >>>> >>>> >>> Allow access to the pseudo attributs entry and children of the parent. >>> >>> access to >>> dn.regex=^ou=personal,ou=contacts,ou=contactsvirtualDomain..... >>> attrs=entry,children,@someObjectClass >>> by ... >>> >>> -Dieter >>> >>> >>> >> Thanks Dieter for your response, >> >> I have modified the ACL according to your suggestion and it is >> >> access to >> dn.regex="^ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$" >> >> attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson >> by >> dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write >> by * none >> >> but still I have the same problem and the log reports as >> >> conn=40 op=2 ADD >> dn="uid=d61af5515669698f52734f247c0f68ae,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap" >> Jul 9 08:00:53 lvps87-230-8-228 slapd[14106]: conn=40 op=2 RESULT >> tag=105 err=50 text=no write access to parent >> >> Please help me to solve it. thanks a lot for your help >> > > > In the above, there are only one set of (), so your domain is going inside > $1, and nothing is saved in $2. > > I would put it back to (still using the new attrs section by Dieter): > > dn.regex="cn=([^,]+),ou=personal,ou=contacts,,ou=contactsvirtualDomain=([^,]+),dc=suse,dc=ldap$" > > attrs=entry,children,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson > by > dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write > by * none > > > Hi Gavin, I have modified the ACL au u suggest
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$" attr=entry,children,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write by * none but still I have Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 ADD dn="uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap" Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 RESULT tag=105 err=50 text=no write access to parent I'v also tried with dn.regex="^cn=([^,]+),ou=personal,ou....................... but with the same efect
