[turba] Feature Request

Edwin Culp eculp@encontacto.net
Sat, 17 Aug 2002 14:30:31 -0700


Quoting "Derek J. Balling" <dredd@megacity.org>:

 | 
 | On Saturday, August 17, 2002, at 04:24  PM, Edwin Culp wrote:
 | > Your slapd.log?
 | 
 | http://www.megacity.org/slapd.log.txt
 | 
 | from reading it, it seems like it IS figuring out that I have write 
 | access (I see "applied write" quite often).
When making a modification using turba I get the following on success (err=0):

Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 MOD \
    dn="mail=eculp@insourcery.com,ou=people,o=worldinternet.org" 
Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 RESULT tag=103 err=0 text= 
Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=4 UNBIND 

 | 
 | > I'm no expert but it sounds like ldap acl issues.  Take a look at 
 | > slapd.log
 | > or equivalent while trying to make a change.  It should give you an idea
 | > what is going on.  The other option would be post your acl's.
 | 
I'm going to add some comments; please correct me if I'm wrong because I
have a very hard time with ACLs in LDAP.

 | access to attribute=userPassword
 |          by dn="cn=admin,dc=byramhealthcare,dc=com" write
 |          by anonymous auth
 |          by self read
 |          by * none
In the above only the admin can modify and that would be external to turba
according to your previous email where you are binding with each individual
user if I read it correctly.
 | 
 | access to attribute=telephoneNumber
 |          by dn="cn=admin,dc=byramhealthcare,dc=com" write
 |          by anonymous auth
 |          by self write
 |          by * read
Each individual user can change their telephone as can the admin.
Are they not able to?
 | 
 | access to attribute=facsimileTelephoneNumber
 |          by dn="cn=admin,dc=byramhealthcare,dc=com" write
 |          by anonymous auth
 |          by self write
 |          by * read

The same as the above for the fax.

 | 
 | # The admin dn has full write access
 | access to *
 |          by dn="cn=admin,dc=byramhealthcare,dc=com" write
 |          by * read
If I understood your previous email, you are not using admin for binding
with turba so only users will be able to change their telephone and fax
unless I've missed something with the quick scan that I just did.

I hope this helps,

ed
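
The slapd.log check suggested in the message, as an added example that is not part of the original e-mail: it pairs each MOD with its RESULT and reports whether the DN bound on that connection is the entry being modified, which is what the "by self write" clauses depend on. The BIND and `tag=97` lines, everything on conn=8 and the example.com DNs are constructed, and the BIND line format is assumed to match this slapd version.

```python
import re

# Constructed sample. The conn=7 MOD/RESULT lines follow the format quoted
# in the message; the BIND lines and all of conn=8 are made up.
SAMPLE_LOG = """\
Aug 17 13:47:32 EnContacto slapd[66713]: conn=7 op=0 BIND dn="mail=eculp@insourcery.com,ou=people,o=worldinternet.org" method=128
Aug 17 13:47:32 EnContacto slapd[66713]: conn=7 op=0 RESULT tag=97 err=0 text=
Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 MOD dn="mail=eculp@insourcery.com,ou=people,o=worldinternet.org"
Aug 17 13:47:33 EnContacto slapd[66713]: conn=7 op=3 RESULT tag=103 err=0 text=
Aug 17 13:52:10 EnContacto slapd[66713]: conn=8 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Aug 17 13:52:10 EnContacto slapd[66713]: conn=8 op=0 RESULT tag=97 err=0 text=
Aug 17 13:52:11 EnContacto slapd[66713]: conn=8 op=1 MOD dn="uid=bob,ou=people,dc=example,dc=com"
Aug 17 13:52:11 EnContacto slapd[66713]: conn=8 op=1 RESULT tag=103 err=50 text=
"""

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|MOD|RESULT)\b(.*)')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')
CODES = {0: "success", 49: "invalidCredentials", 50: "insufficientAccessRights"}

def norm(dn):  # simplified DN comparison: case-insensitive, spaces trimmed
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit_mods(log_text):
    """Pair each MOD with its RESULT and note who was bound on that connection."""
    bound, pending, report = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        dn, err = DN.search(rest), ERR.search(rest)
        if kind in ("BIND", "MOD"):
            if dn:                      # remember the request until its RESULT
                pending[(conn, op)] = (kind, dn.group(1))
        elif err and (conn, op) in pending:
            req, req_dn = pending.pop((conn, op))
            code = int(err.group(1))
            if req == "BIND":
                if code == 0:           # only a successful bind sets the identity
                    bound[conn] = req_dn
            else:
                who = bound.get(conn, "")  # "" = anonymous or bind not in the log
                report.append({"bound": who, "target": req_dn,
                               "self": bool(who) and norm(who) == norm(req_dn),
                               "err": code, "meaning": CODES.get(code, "other")})
    return report
```

A MOD that comes back with err=50 and `self` false is the case where the ACLs are doing their job: the bound user is not the entry owner and is not the admin DN.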