[ILUG] ldap and eGW: addressbook ACLs - cannot create contact in group address book

Bernhard D Rohrer graylion at sm-wg.net
Fri Mar 16 01:36:53 GMT 2007


hi folks

I have the following ACL for my groups:

# Access to groups addressbooks

# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
         attrs=entry
         by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
         by dn.regex="cn=admin,dc=graylion,dc=net" write
         by users none

# allow members to create entries in their group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
         attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
         by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
         by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
         attrs=children
         by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
         by users none



the LDIF of one of my groups is:

dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
cn: GraylionEnterprises
gidNumber: 7
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: ...
objectClass: top
objectClass: posixGroup

and the log shows this error:

Mar 15 17:20:27 diskslave slapd[6657]: => bdb_entry_get: found entry: "cn=graylionenterprises,ou=groups,dc=graylion,dc=net"
Mar 15 17:20:27 diskslave slapd[6657]: <= bdb_entry_get: failed to find objectClass

while eGW shows this error:

Error saving the contact !!! Insufficient access: so_ldap: 503

what is wrong? Anybody have any ideas?

google comes up totally blank

cheers

Bernhard

PS: this works for personal address books

-- 
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net




