Dieter Kluenter wrote:
> JOYDEEP <[EMAIL PROTECTED]> writes:
>
>> Gavin Henry wrote:
>>
>>> <quote who="JOYDEEP">
>>>
>>>> Dieter Kluenter wrote:
>>>>
>
>> Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 ADD
>> dn="uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
>> Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 RESULT
>> tag=105 err=50 text=no write access to parent
>>
>> I've also tried with
>> dn.regex="^cn=([^,]+),ou=personal,ou....................... but with
>> the same effect
>>
>
> Please set loglevel to ACL and check which access rule matches first.
>
> -Dieter
>

OK Dieter, I have set loglevel 128

The ACLs I have for read and write are:

################ personal ACL #######################
###################### read #######################
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
    by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
    by * none

######################## write ############################
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
    attr=children,entry,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson
    by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write
    by users none

Now if I try to add in addressbook it gives errors as

---------------------------------------------------------------
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: access to entry "cn=admin,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap", attr "children" requested
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: to all values by "uid=admin,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap", (=n)
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= check a_dn_pat: uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] applying read(=rscx) (stop)
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] mask: read(=rscx)
Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => access_allowed: write access denied by read(=rscx)
---------------------------------------------------------------

If I disable the read ACL then I have no problem saving the contact.
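
Added example, not part of the original message and not OpenLDAP code: a Python model of the first-match evaluation visible in the log above ("[1] applying read(=rscx) (stop)"), run over the two posted rules in the posted order and in swapped order. The function names are hypothetical, and the model assumes attribute lists match by literal name only (the @objectClass sets are not expanded).

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending
TAIL = "ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
OWNER = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"

# Each rule: (dn.regex, attribute list or None for all, [(who, level), ...]).
READ_RULE = ("cn=([^,]+)," + TAIL + "$", None, [(OWNER, "read"), ("*", "none")])
WRITE_RULE = ("cn=([^,]+)," + TAIL,
              {"children", "entry", "@inetOrgPerson", "@posixAccount",
               "@mozillaAbPersonAlpha", "@evolutionPerson"},
              [(OWNER, "write"), ("users", "none")])

# Constructed inputs taken from the DNs in the log excerpt.
ENTRY = ("cn=admin,ou=personal,ou=contacts,ou=contacts,"
         "virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap")
USER = "uid=admin,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"


def expand(pattern, match):
    """Substitute $1, $2, ... with groups captured by the <what> regex."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), pattern)


def who_matches(who, requester, match):
    if who == "*":
        return True
    if who == "users":  # any authenticated identity
        return requester != ""
    return expand(who, match).lower() == requester.lower()  # dn.exact,expand


def access_allowed(rules, entry_dn, attr, requester, wanted):
    """Return (granted, rule number, level applied); first match wins."""
    for idx, (dn_re, attrs, by_clauses) in enumerate(rules, start=1):
        m = re.search(dn_re, entry_dn, re.IGNORECASE)
        if m is None or (attrs is not None and attr not in attrs):
            continue  # <what> does not cover this entry/attribute
        for who, level in by_clauses:
            if who_matches(who, requester, m):
                # Default control is "stop": later rules are never consulted.
                return LEVELS.index(level) >= LEVELS.index(wanted), idx, level
        return False, idx, "none"  # implicit trailing "by * none"
    return False, 0, "none"  # no rule matched: implicit deny


def demo():
    posted = access_allowed([READ_RULE, WRITE_RULE], ENTRY, "children", USER, "write")
    swapped = access_allowed([WRITE_RULE, READ_RULE], ENTRY, "children", USER, "write")
    return posted, swapped
```

In the posted order the read rule has no attribute restriction, so it also covers "children" and ends evaluation at read; with the write rule listed first, the same request reaches the write grant.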
