Bernhard D Rohrer <[EMAIL PROTECTED]> writes:

> hi folks
>
> I have the following ACL for my groups:
>
> # Access to groups addressbooks
>
> # allow read of addressbook by members and egwadmin account
> access to
>     dn.regex="^cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
>     attrs=entry
>     by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" read
>     by dn.regex="cn=admin,dc=graylion,dc=net" write
>     by users none
>
> # allow members to create entries in their group addressbooks; no-one else can access it
> # needs write access to the entries ENTRY attribute ...
> access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
>     attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha
>     by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
>     by users none
>
> # ... and the entries CHILDREN
> access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,dc=graylion,dc=net$"
>     attrs=children
>     by group.expand="cn=$1,ou=groups,dc=graylion,dc=net" write
>     by users none
>
> the LDIF of one of my groups is:
>
> dn: cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net
> cn: GraylionEnterprises
> gidNumber: 7
> memberUid: user1
> memberUid: user2
> memberUid: user3
> memberUid: ...
> objectClass: top
> objectClass: posixGroup
>
> and the log shows this error:
>
> Mar 15 17:20:27 diskslave slapd[6657]: => bdb_entry_get: found entry: "cn=graylionenterprises,ou=groups,dc=graylion,dc=net"
> Mar 15 17:20:27 diskslave slapd[6657]: <= bdb_entry_get: failed to find objectClass

See man slapd.access(5), the dn style group expects objectclass groupOfNames as default. If you use other object classes, you have to define these, something like 'by group/posixgroup/memberUid'.
If you use posixgroup it might be necessary to map the memberUid attribute value to a dn.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
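
A simplified model of the group check described in the reply above, added here as an example (not code from the thread or from OpenLDAP): it shows why the default groupOfNames/member lookup fails on the posixGroup entry from the question, and why memberUid values have to be mapped to DNs. The `ou=people` user DN layout and all function names are assumptions.

```python
# Simplified model of a "by group[/objectclass[/attr]]" check; not slapd's code.
# Sample entry constructed from the LDIF in the question ("..." value omitted).
POSIX_GROUP = {
    "dn": "cn=GraylionEnterprises,ou=groups,dc=graylion,dc=net",
    "objectClass": ["top", "posixGroup"],
    "memberUid": ["user1", "user2", "user3"],
}

# Assumption: user entries live under this hypothetical branch.
USER_DN_TEMPLATE = "uid={uid},ou=people,dc=graylion,dc=net"


def norm(dn):
    """Crude DN normalisation: lower-case, strip spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def group_match(entry, bind_dn, objectclass="groupOfNames", attr="member"):
    """Return (granted, reason); defaults follow slapd.access(5)."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if objectclass.lower() not in classes:
        return False, "objectClass %s not on group entry" % objectclass
    values = {norm(v) for v in entry.get(attr, [])}
    if norm(bind_dn) not in values:
        return False, "bind DN not among %s values" % attr
    return True, "member"


def map_member_uids(entry, template=USER_DN_TEMPLATE):
    """Build a groupOfNames-style view with memberUid values mapped to DNs."""
    return {
        "dn": entry["dn"],
        "objectClass": ["top", "groupOfNames"],
        "member": [template.format(uid=u) for u in entry.get("memberUid", [])],
    }


def demo(bind_dn="uid=user2,ou=people,dc=graylion,dc=net"):
    return [
        # 1. ACL as posted: default groupOfNames/member against a posixGroup.
        group_match(POSIX_GROUP, bind_dn),
        # 2. Naming posixGroup/memberUid: values are login names, not DNs.
        group_match(POSIX_GROUP, bind_dn, "posixGroup", "memberUid"),
        # 3. memberUid mapped to DNs and stored as member values.
        group_match(map_member_uids(POSIX_GROUP), bind_dn),
    ]


if __name__ == "__main__":
    for granted, reason in demo():
        print(granted, reason)
```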
