[turba] Re: turba sources.conf

Edwin L. Culp eculp at encontacto.net
Wed Feb 2 06:05:35 PST 2005


Quoting David Irvine <david at david-irvine.com>:

> Hi
>
> I wonder if you would be able to give me some pointers. I am having loads
> of difficulties in setting up turba and ldap and really would like to. I
> note in the list you offered somebody a copy of your sources files.
>
> If you would not mind I would love a copy and also perhaps your acl bits
> from slapd.conf as well
>
> I am having a terrible time
>
> Many thanks
> in advance

Hi David,

How about our keeping this on the list so others can have an opportunity to
help you also or to correct my advice;)

Your explanation doesn't tell me much as to what your problem is but I'll send
you some things that you asked for that will hopefully help.

My acl bits are basic and should be clear.  I've only added three rules, one
for each user accessible addressbook to allow folks to modify their entries and
it is trivial to add additional DN's for other reasons. My ldap tree structure
should also be obvious.

access to dn.regex=".*,mail=(.*),ou=personal,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write

access to dn.regex=".*,mail=(.*),ou=temporal,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write

access to dn.regex=".*,mail=(.*),ou=addressbook,o=domain.com"
   by      dn.regex="mail=$1,ou=people,o=domain.com"   write


access to *
   by self write
   by * read
   by anonymous auth

-----------------------------------------------------
I'm attaching the personal addressbook config, the others are just copies with
minor changes such as the corporate addressbook, that isn't in the ACL's
because only admins (me:) can modify anything except their entry and it is
generated automatically when a user is created with the corporate.com virtual
domain in his email and is the base dn for all changes to his directories.
example:

mail=eculp at encontacto.net,ou=people,o=domain.com

so the attached addressbook configuration changing the binddn to root so it
can't be changed and a

'filter' => 'mail=' . '*@' . $vdomain,

will pop out all the corporate users.  Of course this is all so flexible that
any local requirements can be met with minor modification.

Hope this helps,

ed
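
Added example, not part of the original message: a small Python model of how the first rule above pairs the mail= value captured from the entry DN with the bound user's DN, checked against constructed DNs. The anchored [^,]+ pattern with dn.exact,expand follows the OpenLDAP Admin Guide's regex tips and is this example's assumption, as is using Python's re in place of slapd's POSIX regex.

```python
import re

# Constructed model of one slapd rule:  access to dn.regex=<what> by <who> write
# Assumptions: Python's re stands in for slapd's POSIX extended regex; matching is an
# unanchored, case-insensitive search; $1 is replaced verbatim by the first capture.
def may_write(what, who, target_dn, bound_dn, who_style="regex"):
    m = re.search(what, target_dn, re.IGNORECASE)
    if m is None:
        return False                      # rule does not apply to this entry
    expanded = who.replace("$1", m.group(1))
    if who_style == "exact":              # models: by dn.exact,expand="..."
        return bound_dn.lower() == expanded.lower()
    return re.search(expanded, bound_dn, re.IGNORECASE) is not None

# The rule as posted, and an anchored variant (the variant is this example's assumption).
POSTED = (".*,mail=(.*),ou=personal,o=domain.com",
          "mail=$1,ou=people,o=domain.com", "regex")
ANCHORED = ("^.+,mail=([^,]+),ou=personal,o=domain.com$",
            "mail=$1,ou=people,o=domain.com", "exact")

# Constructed DNs, written in lower case because slapd compares normalised DNs.
ENTRY = "cn=bob,mail=ann@domain.com,ou=personal,o=domain.com"
OWNER = "mail=ann@domain.com,ou=people,o=domain.com"
OTHERS = [
    "mail=joe@domain.com,ou=people,o=domain.com",         # a different user
    "cn=dev,mail=ann@domain.com,ou=people,o=domain.com",  # entry below the owner
    "mail=ann@domain.com,ou=people,o=domain.com,o=lab",   # same text, other suffix
]

def audit(rule):
    """Return (owner_allowed, [non-owner DNs that also get write])."""
    what, who, style = rule
    extra = [dn for dn in OTHERS if may_write(what, who, ENTRY, dn, style)]
    return may_write(what, who, ENTRY, OWNER, style), extra

if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("anchored", ANCHORED)):
        print(name, audit(rule))
```

Both forms let the owner write and refuse a different user; only the anchored form also refuses the two DNs that merely contain the owner's DN as a substring.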






