Sebastian Reinhardt <[EMAIL PROTECTED]> writes: > I have a problem by configuring access to an shared address book. > > Users and groups are defined in following structure: > > dc=mycompany,dc=org > |--ou=abook > | |----cn=adressbookentry1 > | |----cn=adressbookentry2 > | |----...... > |--ou=groups > | |----cn=group1 > | |----cn=abook_rw > | |----cn=abook_ro > | |----........ > |--ou=users > | |----uid=user1(member of group "abook_rw") > | |----uid=user2(member of group "abook_ro") > | |----......... > > Now users of group "abook_rw" should be able to write/edit an entry > into "ou=abook", but members of "abook_ro" should have read-only > access. > I tried this "slapd.conf" config entry: > > access to dn.subtree="ou=abook,dc=mycompany,dc=org" > by group="cn=abook_rw,dc=mycompany,dc=org" write > by group="cn=abook_ro,dc=mycompany,dc=org" read > > But only "ldaproot" can access "ou=abook" by using ldap- client > software (KAdressbook, LDAP- Editor)! What is wrong?
Try debugging with level ACL. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
