[turba] [horde] ACL for Turba

Jan Schneider jan at horde.org
Sat Nov 8 17:48:41 UTC 2008


Quoting Bill Day <williamson.day at gmail.com>:

> I have been able to configure personal_ldap in sources.php for Turba
> successfully in the past, but for some reason I am having a devil of a time
> writing ACLs for OpenLDAP 2.4 that will give an individual user write
> access to his personal address book.  Although I have spent a fair bit of
> time with the Administrator's Handbook on openldap.org and the Horde Wiki,
> other documentation seems to be sparse and Mr. Google is not providing
> helpful answers.  I have the following questions:
>
> 1) Is there additional documentation that I need to look at?

None that I know of, but I'm not an LDAP guru.

> 2) Is this list the appropriate place to ask for help?  If not, is there a
> more appropriate list?

The Turba list, which I Cc.

> 3) There might also be a possibility that OpenLDAP is not reading all of my
> schema from slapd.conf to the new configuration in cn=config in OpenLDAP 2.4.
> Any advice or suggestions on how to get advice to test this alternate
> hypothesis would be very much appreciated.

Try asking about that on the OpenLDAP mailing list instead.

> 4) Naturally, to the extent this is the appropriate forum, any help would be
> gratefully received.
>
> Thanks,
>
> Bill
>
> Latest efforts:
>
> LDAP tree
>
> dc=williamsonday,dc=local
>           cn=admin,dc=williamsonday,dc=local
>           ou=People,dc=williamsonday,dc=local
>                   uid=billday,ou=People,dc=williamsonday,dc=local (user)
>           ou=Group,dc=williamsonday,dc=local
>           ou=Contacts,dc=williamsonday,dc=local
>                   ou=Shared,ou=Contacts,dc=williamsonday,dc=local
>                   ou=Personal,ou=Contacts,dc=williamsonday,dc=local
>                           ou=billday,ou=Personal,ou=Contacts,dc=williamsonday,dc=local (private address books)
>
>
> access to dn.regex="^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
>      attrs=children
>      by dn.regex="^uid=$1,ou=People,dc=williamsonday,dc=local$" write
>      by * none
>
> access to dn.regex="^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
>      attrs=entry,@inetOrgPerson
>      by dn.regex="^uid=$1,ou=People,dc=williamsonday,dc=local$" write
>      by * none
>
> error is that parent does not have sufficient access
> --
> Bill Day
> williamson.day at gmail.com
> PGP Fingerprint: EE5D DE55 9EF1 E012 7417
> A5F1 1D7D 0847 7785 1146
>



Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
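
Added example, not part of the original thread and not Horde or OpenLDAP code: a small Python model of which DNs the two quoted rules apply to and what `$1` expands to in their by-clause. It assumes Python's `re` treats this pattern the same way slapd's regex matching does, considers only the two rules quoted above (no other access directives), and uses constructed DNs for the contact and the second user.

```python
import re

# Target pattern and by-clause template shared by both quoted rules.
TARGET = r"^ou=([^,]+),ou=Personal,ou=Contacts,dc=williamsonday,dc=local$"
BY_TEMPLATE = r"^uid=$1,ou=People,dc=williamsonday,dc=local$"

OWNER = "uid=billday,ou=People,dc=williamsonday,dc=local"
BOOK = "ou=billday,ou=Personal,ou=Contacts,dc=williamsonday,dc=local"
# Constructed sample DNs, not from the thread.
CONTACT = "cn=Jane Example," + BOOK
OTHER = "uid=someone,ou=People,dc=williamsonday,dc=local"


def by_pattern_for(target_dn):
    """Return the by-clause regex after $N substitution, or None if the
    target pattern does not match target_dn (the rule does not apply)."""
    m = re.match(TARGET, target_dn)
    if m is None:
        return None
    # Simplified model (assumption): captured text is substituted as-is.
    return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), BY_TEMPLATE)


def rule_grants_write(target_dn, bind_dn):
    """True if the rule applies to target_dn and its first by-clause matches
    bind_dn; everyone else falls through to 'by * none'."""
    pattern = by_pattern_for(target_dn)
    return pattern is not None and re.match(pattern, bind_dn) is not None


def add_check(new_dn, bind_dn):
    """Adding an entry needs write on the parent's 'children' attribute and
    on the new entry's 'entry' attribute; report each half separately."""
    parent_dn = new_dn.split(",", 1)[1]  # naive split: no escaped commas here
    return {
        "parent_children": rule_grants_write(parent_dn, bind_dn),
        "new_entry": rule_grants_write(new_dn, bind_dn),
    }


if __name__ == "__main__":
    for who in (OWNER, OTHER):
        print(who, add_check(CONTACT, who))
```

For the owner, the parent's `children` check passes, while neither quoted rule applies to the new contact's own DN, because the target pattern is anchored at the `ou=<user>` container.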


