Hi guys
I have a problem in that I can happily edit entries in my LDAP-based
address book, but when I try to delete them I am getting "insufficient
permissions"
I am loading these schemas:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/evolutionperson.schema
include /etc/ldap/schema/mozillaabpersonalpha.schema
include /etc/ldap/schema/greenmta.schema
include /etc/ldap/schema/samba.schema
the relevant part of the ACL is:
# Access to users personal addressbooks
# allow read of addressbook by owner and egwadmin account
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$"
attrs=entry
by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" read
by dn.regex="cn=admin,dc=graylion,dc=net" write
by users none
# allow user to create entries in own addressbook; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$"
attrs=children
by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" write
by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" write
by users none
# Access to groups addressbooks
# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=entry
by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
by dn.regex="cn=admin,dc=graylion,dc=net" write
by users none
# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=children
by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
by users none
I am having a strong feeling that my problem is somewhere in here:
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
by users none
but cannot make sense of it.
cheers
Bernhard
--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net
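The following is an added example, not code from the original post: a small Python evaluator for slapd.conf-style access rules that traces the two checks a delete has to pass. In OpenLDAP a delete needs write (the delete privilege, which "write" includes) on the target's "entry" pseudo-attribute and write on the parent's "children" pseudo-attribute, and the first matching "access to" clause, then the first matching "by" clause inside it, decides the outcome. The evaluator assumes an unmatched request is denied, treats "@objectClass" tokens as literal attribute names without expanding them, models group.expand with a constructed membership table, and takes the parent DN by splitting on the first unescaped comma. The ACL text, DNs and the "cn=sales" group are constructed to mirror the rules quoted above.

```python
"""Toy evaluator for the quoted slapd.conf access rules (added example).
Assumptions: first matching "access to" clause wins, first matching "by"
inside it wins, no match means deny, and a delete needs write on the
target's "entry" plus write on the parent's "children"."""
import re

LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}

# Constructed group membership used by the group.expand clauses.
GROUPS = {
    "cn=sales,ou=groups,dc=graylion,dc=net": {"uid=bernhard,ou=users,dc=graylion,dc=net"},
}

# The personal and shared address-book rules from the post, attrs joined onto the
# "access to" line so each clause is "head line + by lines" (constructed copy).
ACL = r'''
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$" attrs=entry
    by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" read
    by dn.regex="cn=admin,dc=graylion,dc=net" write
    by users none
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$" attrs=children
    by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" write
    by users none
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,dc=graylion,dc=net$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
    by dn.regex="uid=$1,ou=users,dc=graylion,dc=net" write
    by users none
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=entry
    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
    by dn.regex="cn=admin,dc=graylion,dc=net" write
    by users none
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=children
    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
    by users none
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$" attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
    by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
    by users none
'''


def parse_acl(text):
    """Return [(dn_regex, {attrs}, [(who, arg, level), ...]), ...] in file order."""
    clauses = []
    for block in re.split(r"(?m)^access to\s+", text):
        lines = [l.strip() for l in block.splitlines() if l.strip() and not l.lstrip().startswith("#")]
        if not lines:
            continue
        head = re.match(r'dn\.regex="([^"]+)"\s+attrs=(\S+)$', lines[0])
        if not head:
            raise ValueError(f"unsupported access clause: {lines[0]}")
        attrs = {a.strip() for a in head.group(2).split(",")}
        bys = []
        for line in lines[1:]:
            by = re.match(r'by\s+(\S+?)(?:="([^"]+)")?\s+(\w+)$', line)
            if not by:
                raise ValueError(f"unsupported by clause: {line}")
            bys.append((by.group(1), by.group(2), by.group(3)))
        clauses.append((head.group(1), attrs, bys))
    return clauses


def expand(pattern, match):
    """Substitute $1..$9 in a by-clause pattern with the groups captured by the to-clause."""
    return re.sub(r"\$(\d)", lambda g: re.escape(match.group(int(g.group(1)))), pattern)


def access_level(clauses, target_dn, attr, requester_dn):
    """Level granted to requester_dn on (target_dn, attr): first clause, first by wins."""
    for dn_regex, attrs, bys in clauses:
        m = re.search(dn_regex, target_dn, re.IGNORECASE)  # unanchored, like regexec
        if not m or attr not in attrs:
            continue
        for who, arg, level in bys:
            if who == "*":
                hit = True
            elif who == "users":
                hit = bool(requester_dn)  # any authenticated identity
            elif who == "dn.regex":
                hit = re.search(expand(arg, m), requester_dn, re.IGNORECASE) is not None
            elif who == "group.expand":
                hit = requester_dn in GROUPS.get(expand(arg, m), set())
            else:
                raise ValueError(f"unsupported by-clause kind: {who}")
            if hit:
                return LEVELS[level]
        return LEVELS["none"]  # clause matched the entry but no by clause matched
    return LEVELS["none"]      # assumption: no matching clause means deny


def can_delete(clauses, target_dn, requester_dn):
    """Delete = write on target's 'entry' AND write on parent's 'children'."""
    parent_dn = target_dn.split(",", 1)[1]  # naive: assumes no escaped commas in the RDN
    need = LEVELS["write"]
    return (access_level(clauses, target_dn, "entry", requester_dn) >= need
            and access_level(clauses, parent_dn, "children", requester_dn) >= need)


CLAUSES = parse_acl(ACL)

if __name__ == "__main__":
    owner = "uid=bernhard,ou=users,dc=graylion,dc=net"
    contact = "cn=Alice,cn=bernhard,ou=personal,ou=contacts,dc=graylion,dc=net"
    print("owner may delete contact:", can_delete(CLAUSES, contact, owner))
    print("owner may delete the address book itself:",
          can_delete(CLAUSES, contact.split(",", 1)[1], owner))
```

Running it shows both halves of the delete check separately, so when a real server answers "insufficient access" you can see which of the two pseudo-attributes the rules as written fail to grant; comparing that against slapd's own ACL debug output (loglevel 128) is the quickest way to find where the live configuration diverges from the text in the mail.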