[LUNI] LDAP write access
lists at redboy.cx
Thu Aug 31 11:59:10 CDT 2006
On Thu, 31 Aug 2006 09:20:40 -0500, "Keith T. Garner" <kgarner at kgarner.com> wrote:
> The only thing I can think of is you gave yourself access to one, and only
> one, dn. You probably want anything that is a child of that as well. So
> you might want, in addition to what you've already got, something like:
> access to dn=".*,ou=sten,ou=contacts,dc=redboy,dc=cx"
> by dn="uid=sten,ou=users,dc=redboy,dc=cx" write
> by * none
Actually, this was one of the bits I got really confused on. Even the comments in the config file say I should be able to do what you said:
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=redboy,dc=cx" write
# by dnattr=owner write
But when I use dn=".*,ou....", slapd barfs:
sten at fenris2:~$ /usr/sbin/slaptest -v -f slapd.conf
slapd.conf: line 125: bad DN ".*,ou=sten,ou=contacts,dc=redboy,dc=cx" in to DN clause
All the examples I've seen say to use dn=".*,ou....", but my slapd (2.2.23-8 from debian/sarge) doesn't like it.
Thanks for the pointer, I'll keep stabbing at it.
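
Added example, not part of the original message or of anyone's actual configuration: slapd.access(5) documents an unqualified `dn=` target as an exact (base) DN match, which is consistent with the `bad DN` error from slaptest above, so a pattern needs an explicit style qualifier. The sketch reuses the DNs quoted in this thread; that a single subtree rule matches the intended access is an assumption.

```conf
# Added illustration for slapd.conf; DNs are the ones quoted in this thread.

# Rejected by slaptest above: unqualified dn= is parsed as a literal DN,
# and ".*" is not a valid RDN.
#access to dn=".*,ou=sten,ou=contacts,dc=redboy,dc=cx"

# Scope style: matches ou=sten,ou=contacts,... itself and everything under it,
# so one rule covers the container and its children.
access to dn.subtree="ou=sten,ou=contacts,dc=redboy,dc=cx"
        by dn.exact="uid=sten,ou=users,dc=redboy,dc=cx" write
        by * none

# Regex style, if pattern matching is really wanted (children only here).
# Anchor the pattern so it cannot match an unrelated suffix.
#access to dn.regex="^.+,ou=sten,ou=contacts,dc=redboy,dc=cx$"
#        by dn.exact="uid=sten,ou=users,dc=redboy,dc=cx" write
#        by * none
```

slapd evaluates `access to` rules in file order and stops at the first target that matches, so this rule has to sit before any broader `access to *` rule. Re-run `slaptest -v -f slapd.conf` after editing to confirm the file parses.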