[LUNI] LDAP write access

sten lists at redboy.cx
Thu Aug 31 11:59:10 CDT 2006


On Thu, 31 Aug 2006 09:20:40 -0500, "Keith T. Garner" <kgarner at kgarner.com> wrote:
> The only thing I can think of is you gave yourself access to one, and only
> one, dn.  You probably want anything that is a child of that as well.  So
> you might want, in addition to what you've already got, something like:
>
>   access to dn=".*,ou=sten,ou=contacts,dc=redboy,dc=cx"
>     by dn="uid=sten,ou=users,dc=redboy,dc=cx" write
>     by * none


Actually, this was one of the bits I got really confused on. Even the comments in the config file say I should be able to do what you said:

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=redboy,dc=cx" write
#        by dnattr=owner write


But when I use dn=".*,ou....", slapd barfs:

sten at fenris2:~$ /usr/sbin/slaptest -v -f slapd.conf
slapd.conf: line 125: bad DN ".*,ou=sten,ou=contacts,dc=redboy,dc=cx" in to DN clause

All the examples I've seen say to use dn=".*,ou....", but my slapd (2.2.23-8 from debian/sarge) doesn't like it.

Thanks for the pointer, I'll keep stabbing at it.

-sten
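
An added example, not part of the original message and not the poster's own configuration: slapd.access(5) documents base (exact match) as the default style when `dn=` is given without one, which is consistent with the slaptest error above. The fragment reuses the DNs quoted in this thread and shows the failing form beside explicit `dn.regex` and `dn.subtree` forms.

```conf
# slapd.conf ACL fragment (added example; DNs are the ones quoted in this thread)

# As attempted: with no style given, dn="..." is read as dn.base (exact match),
# so ".*" is parsed as part of a DN and slaptest reports "bad DN".
#access to dn=".*,ou=sten,ou=contacts,dc=redboy,dc=cx"
#        by dn="uid=sten,ou=users,dc=redboy,dc=cx" write
#        by * none

# Explicit regex style: the same pattern, now evaluated as a regular expression.
# Anchored with "$" so it cannot match a longer DN that merely contains the suffix.
#access to dn.regex=".*,ou=sten,ou=contacts,dc=redboy,dc=cx$"
#        by dn.exact="uid=sten,ou=users,dc=redboy,dc=cx" write
#        by * none

# Scope style: covers ou=sten itself and every entry below it, with no regex.
# Including the container matters because adding a child entry requires write
# access to the parent's "children" pseudo-attribute.
# ACLs are evaluated in order and the first matching "access to" wins, so this
# rule must appear before any broader rule such as "access to *".
access to dn.subtree="ou=sten,ou=contacts,dc=redboy,dc=cx"
        by dn.exact="uid=sten,ou=users,dc=redboy,dc=cx" write
        by * none
```

Re-running the `slaptest -v -f slapd.conf` check shown above confirms whether the revised clause parses.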


