[turba] Problem with Turba and LDAP addressbook

Paul-Erik Törrönen paul-erik.torronen at cardinal.fi
Thu Nov 3 04:21:56 PST 2005


I'm using Turba (h3-2.0.3) with Horde (3.0.5) on Fedora 4, the PHP
version is 5.0.4-10.4.

I have two problems, the guide which came with Turba (docs/LDAP) states
the following:

   Add this to your LDAP ACL so users can only see their own address book::

     access to dn="ou=(.+), ou=personal_addressbook, dc=example, dc=com"
         by dn="uid=$1, dc=example, dc=com" write
         by * none

If I put this in the /etc/openldap/slapd.conf (with the dc=example,
dc=com modified accordingly) then the server won't even start, puking an
error instead:

Checking configuration files for slapd: /etc/openldap/slapd.conf: line
48: bad DN "ou=(.+), ou=personal_addressbook, dc= ...

If I modify the configuration to what I think is meant like so:

access to dn.regex="^ou=(.+),ou=personal_addressbook,dc=our,dc=domain$$"
        by dn.regex="^uid=$1,ou=Users,dc=our,dc=domain$$" write
        by * none

Then slapd will start, but when I try to add an entry it gives the
following error in the horde logfile:

Nov 03 13:45:36 HORDE [error] [turba] Failed to add an object: [50]
"Insufficient access" DN:
cn=Jarkko,uid=20051103134536.858u6fwxc9s at groupware.our.domain,ou=poltsi,ou=personal_addressbook,dc=our,dc=domain (attributes: [a:14:{s:2:"cn";s:6:"Jarkko";s:4:"mail";s:16:"jarkko at some.where";s:2:"sn";s:9:"Hyväkäs";s:5:"title";s:3:"fsd";s:16:"organizationname";s:9:"asdasdasd";s:16:"businesscategory";s:10:"asdasdadad";s:13:"postaladdress";s:6:"sdadad";s:10:"postalcode";s:7:"asdadad";s:15:"telephonenumber";s:7:"asdadad";s:24:"facsimiletelephonenumber";s:8:"asdasdad";s:17:"homepostaladdress";s:7:"asdadad";s:19:"homeTelephoneNumber";s:6:"asdasd";s:3:"uid";s:54:"20051103134536.858u6fwxc9s at groupware.our.domain";s:11:"objectclass";a:5:{i:0;s:3:"top";i:1;s:6:"person";i:2;s:13:"inetOrgPerson";i:3;s:8:"calEntry";i:4;s:20:"organizationalPerson";}}]).Charset:UTF-8 [on line 98 of "/var/www/horde/turba/add.php"]

I did the same changes as "Gui" did in
http://lists.horde.org/archives/turba/Week-of-Mon-20051024/004421.html,
although there was no servers.php so I did it in the sources.php which
contained already partially those changes. I have added the
rfc2739.schema as well as modified the core.schema and created the user
ou-entries under the personal_addressbook. I did it by hand since the
scripts/ldap/addou* was IMHO too cumbersome. As created there are now
the following objects under the personal_addressbook ou:

dn: ou=poltsi,ou=personal_addressbook,dc=our,dc=domain
ou: poltsi
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 327b7976-dfef-1029-87a6-f017253522e0
creatorsName: cn=Manager,dc=our,dc=domain
createTimestamp: 20051102132035Z
entryCSN: 20051102132035Z#000001#00#000000
modifiersName: cn=Manager,dc=our,dc=domain
modifyTimestamp: 20051102132035Z

The version of openLDAP is 2.2.13-2.

Has anybody else had this problem? I find it somewhat disturbing that
the example in the guide does not even work on my setup, which I guess
is probably because I have broken it somewhere else.

TIA,

Poltsi

-- 
Paul-Erik Törrönen, 
Cardinal Information Systems Ltd.
Pursimiehenkatu 29-31 C
00150 Helsinki, Finland
Mobile: +358 (0)40 703 1231
Phone: +358 (0)424 792 204
Fax: +358 (0)424 792 207
http://www.cardinal.fi/
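
Added example (not part of the original post, and not Turba or OpenLDAP code): a check of which DNs the anchored "access to dn.regex" pattern quoted above selects, and how $1 is expanded into the "by" clause. Python's re module stands in for slapd's regex matching, "$$" is read as a single end anchor, and the uid value, the second bind DN and the SUBTREE pattern are constructed for illustration.

```python
import re

SUFFIX = "ou=personal_addressbook,dc=our,dc=domain"

# <what> patterns. ANCHORED is the rule from the post with "$$" read as one
# end anchor (assumption). SUBTREE is a hypothetical variant that also
# selects entries below the per-user ou; its owner name is capture group 2.
ANCHORED = r"^ou=(.+)," + re.escape(SUFFIX) + r"$"
SUBTREE = r"^(.+,)?ou=([^,]+)," + re.escape(SUFFIX) + r"$"

# <who> template from the post; $1 stands for the owner captured in <what>.
WHO_TEMPLATE = "uid=$1,ou=Users,dc=our,dc=domain"

# Constructed sample DNs, shaped like the ones in the post and its log line.
PARENT = "ou=poltsi," + SUFFIX
ENTRY = "cn=Jarkko,uid=constructed-uid,ou=poltsi," + SUFFIX
OWNER = "uid=poltsi,ou=Users,dc=our,dc=domain"
OTHER = "uid=alice,ou=Users,dc=our,dc=domain"


def rule_applies(what_regex, owner_group, target_dn, bind_dn):
    """Return (what_matched, who_matched) for one rule of the form
    access to dn.regex=<what> by dn.regex=<who with $N> write
    """
    m = re.search(what_regex, target_dn, re.IGNORECASE)
    if m is None:
        return (False, False)  # this rule is not selected for target_dn
    owner = m.group(owner_group)
    who = "^" + re.escape(WHO_TEMPLATE.replace("$1", owner)) + "$"
    return (True, re.search(who, bind_dn, re.IGNORECASE) is not None)


if __name__ == "__main__":
    cases = [
        ("anchored, per-user ou itself", ANCHORED, 1, PARENT, OWNER),
        ("anchored, contact below it", ANCHORED, 1, ENTRY, OWNER),
        ("subtree, contact, owner bind", SUBTREE, 2, ENTRY, OWNER),
        ("subtree, contact, other bind", SUBTREE, 2, ENTRY, OTHER),
    ]
    for label, what, group, target, bind in cases:
        print(label, rule_applies(what, group, target, bind))
```

The anchored pattern selects only the ou=poltsi entry itself, not a DN that starts with cn=...,uid=... beneath it. In the variant, [^,]+ keeps the captured owner to a single RDN value, so the expanded "by" pattern can only name one uid.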


