Hi all,

- Debian Wheezy
- OpenLDAP 2.4.31

I want a group (mk_group) to be able to write to the addressbook:
~# ldapsearch -xLLL cn=mk_group
dn: cn=mk_group,ou=Groups,dc=csr,dc=ld
gidNumber: 1001
cn: mk_group
objectClass: top
objectClass: posixGroup
memberUid: fulvio
memberUid: pinco
memberUid: pallino
memberUid: ciccio
Every memberUid exists in the branch ou=Users
~# ldapsearch -xLLL ou=addressbook
dn: ou=addressbook,dc=csr,dc=ld
ou: addressbook
objectClass: organizationalUnit
objectClass: top
The branch ou=addressbook is populated.
In the olcDatabase={1}hdb.ldif configuration file I have this row:
...
olcAccess: {0}to dn.subtree="ou=addressbook,dc=csr,dc=ld" by set="[cn=mk_group
 ,ou=Groups,dc=csr,dc=ld]/memberUid & user/uid" write by user read
....
If I try to write in the addressbook, I get this message:
.....
ldap_modify: Insufficient access (50)
What is wrong?
Many thanks.
fulvio
