At 02:05 PM 2/16/2006, Terry wrote:
>I am trying to write to an entry. Here is my log:
>
>Feb 16 15:57:18 localhost slapd[26992]: => acl_mask: access to entry
>"uid=39,ou=addr,uid=joe,ou=Users,ou=OxObjects,dc=domain,dc=net", attr
>"telephoneNumber" requested
by <uid=joe,ou=Users,ou=OxObjects,dc=domain,dc=net>.

>Here is my acl config:
>
>access to dn.base="" by * read

n/a

>access to dn.base="cn=Subschema" by * read

n/a

># protect the userPassword attribute
>access to attr=userPassword
> by self =w
> by anonymous auth

n/a

># global address book
>access to dn.subtree="o=AddressBook,ou=OxObjects,dc=domain,dc=net"
> by
> group.exact="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=domain,dc=net"
>write
> by users read

n/a

># personal address book
>access to
>dn.regex="^ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=domain,dc=net)$"
>attrs=children
> by dn.exact,expand="$1" write

n/a

>access to
>dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=domain,dc=net)$"
>attrs=entry
> by dn.exact,expand="$2" write

n/a

># default rule allowing users full access to their own entries
>access to *
> by self write
> by users read

applicable. target not subject, subject is authenticated, so read should be granted.

>Feb 16 15:57:18 localhost slapd[26992]: => access_allowed: write
>access denied by read(=rscx)
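The rule-by-rule walk in the reply above can be reproduced with a small model. This is an added example, not part of the original message and not OpenLDAP code. It assumes slapd's first-match evaluation (the first directive whose target and attrs match is used, then its first matching "by" clause), compares DNs case-insensitively, and does not model group membership; the "expand:N" and "group" tokens are this sketch's own notation.

```python
import re

BASE = "ou=OxObjects,dc=domain,dc=net"
USER_RE = r"(uid=([^,]+),ou=Users," + BASE + r")$"
# The quoted directives in order: (target kind, pattern, attrs or None, [(who, access)])
RULES = [
    ("base", "", None, [("*", "read")]),
    ("base", "cn=Subschema", None, [("*", "read")]),
    ("any", None, {"userPassword"}, [("self", "=w"), ("anonymous", "auth")]),
    ("subtree", "o=AddressBook," + BASE, None,
     [("group", "write"), ("users", "read")]),
    ("regex", r"^ou=addr," + USER_RE, {"children"}, [("expand:1", "write")]),
    ("regex", r"^uid=([^,]+),ou=addr," + USER_RE, {"entry"}, [("expand:2", "write")]),
    ("any", None, None, [("self", "write"), ("users", "read")]),
]

def target_groups(kind, pat, attrs, dn, attr):
    """Return regex groups (possibly empty) if the target matches, else None."""
    if attrs is not None and attr not in attrs:
        return None                      # attrs= limits the rule to those attributes
    if kind == "regex":
        m = re.match(pat, dn, re.IGNORECASE)
        return m.groups() if m else None
    d, p = dn.lower(), (pat or "").lower()
    ok = kind == "any" or d == p or (kind == "subtree" and d.endswith("," + p))
    return () if ok else None

def who_matches(who, groups, subject, dn):
    if who == "*" or (who == "anonymous" and subject is None):
        return True
    if subject is None or who == "anonymous":
        return False
    if who.startswith("expand:"):        # dn.exact,expand="$N"
        return subject.lower() == groups[int(who[7:]) - 1].lower()
    if who == "self":
        return subject.lower() == dn.lower()
    return who == "users"                # group membership is not modelled

def evaluate(subject, dn, attr):
    """Return (rule number, matching who, access) for the first applicable rule."""
    for n, (kind, pat, attrs, bys) in enumerate(RULES, 1):
        groups = target_groups(kind, pat, attrs, dn, attr)
        if groups is not None:           # otherwise "n/a", try the next rule
            hit = next((b for b in bys if who_matches(b[0], groups, subject, dn)), None)
            return (n, *hit) if hit else (n, None, "none")
    return (None, None, "none")

if __name__ == "__main__":
    joe = "uid=joe,ou=Users," + BASE
    print(evaluate(joe, "uid=39,ou=addr," + joe, "telephoneNumber"))
```

For the request in the log, the sixth directive is skipped because its attrs=entry does not cover telephoneNumber, so the default rule applies and joe gets read through "by users".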
