[horde] ACL for Turba

Bill Day williamson.day at gmail.com
Thu Nov 6 22:20:37 UTC 2008


I have been able to configure personal_ldap in sources.php for Turba
successfully in the past, but for some reason I am having a devil of a time
writing ACLs for OpenLDAP 2.4 that will give an individual user write
access to his personal address book.  Although I have spent a fair bit of
time with the Administrator's Handbook on openldap.org and the Horde Wiki,
other documentation seems to be sparse and Mr. Google is not providing
helpful answers.  I have the following questions:

1) Is there additional documentation that I need to look at?

2) Is this list the appropriate place to ask for help?  If not, is there a
more appropriate list?

3) There might also be a possibility that OpenLDAP is not reading all of my
schema from slapd.conf to the new configuration in cn=config in OpenLDAP 2.4.
Any advice or suggestions on how to get advice to test this alternate
hypothesis would be very much appreciated.

4) Naturally, to the extent this is the appropriate forum, any help would be
gratefully received.

Thanks,

Bill

Latest efforts:

LDAP tree

dc=williamsonday,dc=local
          cn=admin,dc=williamsonday,dc=local
          ou=People,dc=williamsonday,dc=local
                  uid=billday,ou=People,dc=williamsonday,dc=local (user)
          ou=Group,dc=williamsonday,dc=local
          ou=Contacts,dc=williamsonday,dc=local
                  ou=Shared,ou=Contacts,dc=williamsonday,dc=local
                  ou=Personal,ou=Contacts,dc=williamsonday,dc=local
                          ou=billday,ou=Personal,ou=Contacts,dc=williamsonday,dc=local (private address books)


access to dn.regex="^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
     attrs=children
     by dn.regex="^uid=$1,ou=People,dc=williamsonday,dc=local$" write
     by * none

access to dn.regex="^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
     attrs=entry,@inetOrgPerson
     by dn.regex="^uid=$1,ou=People,dc=williamsonday,dc=local$" write
     by * none

error is that parent does not have sufficient access
-- 
Bill Day
williamson.day at gmail.com
PGP Fingerprint: EE5D DE55 9EF1 E012 7417
A5F1 1D7D 0847 7785 1146
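
An added example, not part of the original post: a small Python model of how the dn.regex target pattern and the $1-expanded "by" pattern from the ACLs above select DNs in the posted tree. It is a model, not slapd; case-insensitive matching, the omission of attrs= handling, and the DNs marked as constructed are assumptions of this illustration.

```python
import re

# Patterns copied from the posted ACLs (both clauses share them; only attrs= differs).
TARGET_RE = r"^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
BY_TEMPLATE = r"^uid=$1,ou=People,dc=williamsonday,dc=local$"

# DNs from the posted tree.
USER = "uid=billday,ou=People,dc=williamsonday,dc=local"
PERSONAL_ROOT = "ou=Personal,ou=Contacts,dc=williamsonday,dc=local"
OWN_BOOK = "ou=billday," + PERSONAL_ROOT
# Constructed DNs (not in the post): a contact inside the book, another user's book.
CONTACT = "cn=Example Contact," + OWN_BOOK
OTHER_BOOK = "ou=alice," + PERSONAL_ROOT


def expand(template, target_match):
    """Replace $1..$9 in a by-clause pattern with captures from the target match."""
    return re.sub(
        r"\$(\d)",
        lambda m: re.escape(target_match.group(int(m.group(1)))),
        template,
    )


def acl_grants(target_dn, bind_dn):
    """Model one posted clause.

    Returns "write" or "none" when the clause selects target_dn,
    or None when the target pattern does not match at all.
    """
    m = re.match(TARGET_RE, target_dn, re.IGNORECASE)
    if m is None:
        return None  # clause does not apply; other clauses would decide
    who = expand(BY_TEMPLATE, m)
    return "write" if re.match(who, bind_dn, re.IGNORECASE) else "none"


def report(bind_dn=USER):
    """Evaluate the clause for each DN of interest as seen by bind_dn."""
    targets = (PERSONAL_ROOT, OWN_BOOK, CONTACT, OTHER_BOOK)
    return {dn: acl_grants(dn, bind_dn) for dn in targets}


if __name__ == "__main__":
    # An LDAP add needs write on the new entry's "entry" attribute and on
    # the parent's "children" attribute, so check both DNs involved.
    for dn, result in report().items():
        print(f"{result!s:>6}  {dn}")
```

A DN that returns None is not selected by either posted clause, so its access is decided by whatever other clauses the configuration contains.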

