I am having a bit of trouble getting an ACL set correctly and could use an extra set of eyes to look at this and help me debug what the problem is. ACLs are not my strong point and I am in a jam with this today. Thanks.

Here is the -d 128 debugging output from slapd...

--------------
=> access_allowed: write access to "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" "children" requested
=> dn: [2] dc=cis,dc=uab,dc=edu
=> acl_get: [2] matched
=> acl_get: [2] attr children
=> acl_mask: access to entry "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=fran,ou=people,dc=cis,dc=uab,dc=edu", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=oxadmin,ou=people,dc=cis,dc=uab,dc=edu
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
<= acl_mask: [3] mask: read(=rscx)
=> access_allowed: write access denied by read(=rscx)
---------------

...and here are the ACL entries that should govern write access to this area of the LDAP hierarchy...

---------------
access to dn.regex="^ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$" attrs=children
   by dn.exact,expand="$1" write
   by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write
access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=people,dc=cis,dc=uab,dc=edu)$" attrs=entry
   by dn.exact,expand="$2" write
   by dn="uid=oxadmin,ou=People,dc=cis,dc=uab,dc=edu" write

access to *
   by self write
   by * read
----------------

Can anyone see anything obvious as to why I am getting denied write access?

Thanks,
Fran

--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
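Added here as a diagnostic aid, not part of Fran's post or of OpenLDAP: a small script that reduces a `slapd -d 128` ACL trace to the three facts that decide a request, namely the ACL slapd matched first (evaluation stops at the first ACL in config order whose target matches, so any more specific ACL listed after it is never consulted), the `by` clause that fired, and the level it granted. Run over the trace above it reports ACL [2] with target dc=cis,dc=uab,dc=edu and the `*` clause as the source of the read mask, which is not either of the dn.regex rules quoted. It assumes the log-line wording shown in this trace; other slapd versions may phrase these lines differently.

```python
import re

# slapd -d 128 trace from the post above (the one mail-wrapped line split back in two)
TRACE = """\
=> access_allowed: write access to "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu" "children" requested
=> dn: [2] dc=cis,dc=uab,dc=edu
=> acl_get: [2] matched
=> acl_get: [2] attr children
=> acl_mask: access to entry "ou=addr,uid=fran,ou=People,dc=cis,dc=uab,dc=edu", attr "children" requested
=> acl_mask: to all values by "uid=fran,ou=people,dc=cis,dc=uab,dc=edu", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: uid=oxadmin,ou=people,dc=cis,dc=uab,dc=edu
<= check a_dn_pat: *
<= acl_mask: [3] applying read(=rscx) (stop)
=> access_allowed: write access denied by read(=rscx)
"""
# [N] in acl_get lines = the ACL's position in the config; [N] in acl_mask lines = the "by" clause's position
REQ_RE = re.compile(r'^=> access_allowed: (\w+) access to "([^"]+)" "([^"]+)" requested')
DN_RE = re.compile(r'^=> dn: \[(\d+)\] (\S.*)$')
MATCH_RE = re.compile(r'^=> acl_get: \[(\d+)\] matched')
BY_RE = re.compile(r'^=> acl_mask: to all values by "([^"]+)"')
CHECK_RE = re.compile(r'^<= check a_dn_pat: (.*)$')
APPLY_RE = re.compile(r'^<= acl_mask: \[(\d+)\] applying (\w+)\(=\w*\) \((\w+)\)')
RESULT_RE = re.compile(r'^=> access_allowed: \w+ access (granted|denied)')

def parse_acl_trace(text):  # reduce one ACL trace to the facts that decided the request
    info = {"acl_patterns": {}, "clauses": []}
    for line in text.splitlines():
        if m := REQ_RE.match(line):
            info["access"], info["target_dn"], info["attr"] = m.groups()
        elif m := DN_RE.match(line):        # every ACL target slapd compared against
            info["acl_patterns"][int(m.group(1))] = m.group(2)
        elif m := MATCH_RE.match(line):     # first ACL whose target matched: the search stops here
            info["matched_acl"] = int(m.group(1))
        elif m := BY_RE.match(line):
            info["bound_dn"] = m.group(1)
        elif m := CHECK_RE.match(line):     # "by" clauses tried, in config order
            info["clauses"].append(m.group(1))
        elif m := APPLY_RE.match(line):     # the clause that fired and the level it granted
            info["applied"] = (int(m.group(1)), m.group(2), m.group(3))
        elif m := RESULT_RE.match(line):
            info["result"] = m.group(1)
    return info

def explain(info):  # one-line verdict: which ACL and which "by" clause decided the request
    acl, (i, level, control) = info["matched_acl"], info["applied"]
    return (f'ACL [{acl}] (target "{info["acl_patterns"].get(acl, "?")}") matched first; '
            f'by-clause [{i}] "{info["clauses"][i - 1]}" applied {level} ({control}); '
            f'{info["access"]} to "{info["attr"]}" by {info["bound_dn"]} {info["result"]}')
```

If the ACL index reported after "acl_get:" is not the one you expected to apply, the fix is usually ordering (move the specific ACL ahead of the broad one, or confirm it sits in the same database section), not the clauses of the ACL that was never reached.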
