Hi,

JOYDEEP <[EMAIL PROTECTED]> writes:

> Dieter Kluenter wrote:
>> JOYDEEP <[EMAIL PROTECTED]> writes:
>>
>>> Gavin Henry wrote:
>>>
>>>> <quote who="JOYDEEP">
>>>>
>>>>> Dieter Kluenter wrote:
>>>>>
>>
>>> Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 ADD dn="uid=cf594fcd2bace89814a3a2a62e6f9f91,cn=bisu,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"
>>> Jul 9 08:56:27 lvps87-230-8-228 slapd[30315]: conn=4 op=2 RESULT tag=105 err=50 text=no write access to parent
>>>
>>> I've also tried with
>>> dn.regex="^cn=([^,]+),ou=personal,ou....................... but with
>>> the same effect
>>>
>>
>> Please set loglevel to ACL and check which access rule matches first.
>>
>> -Dieter
>>
> OK Dieter,
> I have set loglevel 128
>
> The ACL I have for read and write are
>
> ################ personal ACL #######################
> ###################### read #######################
> access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap$"
>     by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" read
>     by * none
> ######################## write ############################
> access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
>     attr=children,entry,@inetOrgPerson,@posixAccount,@mozillaAbPersonAlpha,@evolutionPerson
>     by dn.exact,expand="uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap" write
>     by users none
>
> Now if I try to add in addressbook it gives errors as
> ---------------------------------------------------------------
>
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: access to entry "cn=admin,ou=personal,ou=contacts,ou=contacts,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap", attr "children" requested
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => acl_mask: to all values by "uid=admin,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap", (=n)
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= check a_dn_pat: uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] applying read(=rscx) (stop)
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: <= acl_mask: [1] mask: read(=rscx)
> Jul 9 11:59:33 lvps87-230-8-228 slapd[5147]: => access_allowed: write access denied by read(=rscx)

From the log one can see that the first access rule is applied and no
further checking is done. Please put your access rules in the correct order.

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
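
The first-match behaviour visible in the quoted `acl_mask` log, as an added example that is not part of the original thread and is not slapd's own code: a simplified Python model that evaluates the two posted rules in both orders against the entry, attribute and bind DN from the log. The function names are hypothetical, and the `@objectClass` attribute sets of the write rule are left out as a simplifying assumption.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
BASE = "ou=personal,ou=contacts,ou=contacts,virtualDomain=([^,]+),dc=suse,dc=ldap"
OWNER = "uid=$1,ou=users,virtualDomain=$2,dc=suse,dc=ldap"

# Each rule: (dn.regex, attribute set or None for all attributes, by-clauses).
# Assumption: the @objectClass attribute sets of the posted write rule are omitted.
READ_RULE = ("cn=([^,]+)," + BASE + "$", None, [(OWNER, "read"), ("*", "none")])
WRITE_RULE = ("cn=([^,]+)," + BASE, {"children", "entry"},
              [(OWNER, "write"), ("users", "none")])

# Entry and bind DN as they appear in the quoted acl_mask log lines.
ENTRY = ("cn=admin,ou=personal,ou=contacts,ou=contacts,"
         "virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap")
BINDER = "uid=admin,ou=users,virtualDomain=kolkata.opendingo.com,dc=suse,dc=ldap"

def expand(pattern, match):
    """Substitute $1, $2 with the groups captured by dn.regex."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), pattern)

def who_matches(who, match, bind_dn):
    if who == "*":
        return True
    if who == "users":
        return bind_dn != ""  # any authenticated identity
    return expand(who, match).lower() == bind_dn.lower()

def evaluate(rules, entry_dn, attr, bind_dn):
    """Return (rule number, level) from the first rule whose <what> matches."""
    for number, (dn_regex, attrs, by_clauses) in enumerate(rules, start=1):
        match = re.search(dn_regex, entry_dn, re.IGNORECASE)
        if match is None or (attrs is not None and attr not in attrs):
            continue  # target not selected by this rule, try the next one
        for who, level in by_clauses:
            if who_matches(who, match, bind_dn):
                return number, level
        return number, "none"  # implicit trailing "by * none", then stop
    return 0, "none"  # no rule selected the target

def allowed(rules, entry_dn, attr, bind_dn, wanted):
    """True when the level granted by the first matching rule covers `wanted`."""
    granted = evaluate(rules, entry_dn, attr, bind_dn)[1]
    return LEVELS.index(granted) >= LEVELS.index(wanted)
```

In this model, `evaluate([READ_RULE, WRITE_RULE], ENTRY, "children", BINDER)` stops at rule 1 with `read`, matching the `[1] applying read(=rscx) (stop)` log line, while the reversed order stops at rule 1 with `write` and still falls through to `read` for attributes the write rule does not list.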
