Re: [Evolution] LDAP contact updates?



On Mon, 2003-04-07 at 21:45, Chris Toshok wrote:

> 2) the subschema query failed for some reason.  If this is the case
> you'll also see the following text in the contact view: "Double-click
> here to create a new Contact."

That did it.  I was missing read access on the subschema query.  I
didn't even know such a thing existed or how it was named in the
directory.  Thanks _very_ much for both the subschema suggestion and the
wombat tip.  It helped me track it down relatively quickly.

For the archives, here is what I needed to make it go with OpenLDAP
v2.0.27.  Select parts from my slapd.conf needed to implement the
private LDAP based address books:

# This allows read access to the root DSE which seems to be required for
# many things
access to dn="" by * read

# This allows read access to the subschema query.  I don't think that
# allowing unauthenticated users is any sort of a security problem
access to dn="cn=Subschema" by * read

# This allows write access to the "children" attribute of the parent DN
# This is required to add and delete records
access to dn="uid=.*,ou=People,dc=mydomain,dc=com" attr=children
        by self write
        by * none

# This allows write access to the children DN to the parent DN
# This is not the same as the line above and is at least required
# to update information with a contact record
# I suspect that it is required for adds/deletes too but I didn't test 
# that.
access to dn=".*,(uid=.*,ou=People,dc=mydomain,dc=com)"
        by dn="$1" write
        by * none

I believe that all to be correct but I am not an LDAP expert so if
anyone sees any flaws please feel free to correct.  In any case, it
works for me :)

Chris, thank you for your speedy and helpful reply.

Best,
Sean

-- 
Sean Millichamp <sean compu-aid net>
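
The two People rules from the message above, modelled in Python as an added example (not part of Sean's message and not OpenLDAP code): it shows which entries each pattern selects, what `$1` expands to, and which bound DN gets write. It assumes slapd evaluates these `dn=` patterns as unanchored, case-insensitive regex searches; the sample DNs and the anchored comparison pattern are constructed here.

```python
import re

# Patterns copied from the slapd.conf excerpt in the message.
PARENT_RULE = r"uid=.*,ou=People,dc=mydomain,dc=com"      # attr=children, by self
CHILD_RULE = r".*,(uid=.*,ou=People,dc=mydomain,dc=com)"  # by dn="$1" write
# Constructed comparison (assumption, not from the message): anchored, and
# [^,]+ keeps each wildcard inside one RDN, so only direct children match.
CHILD_RULE_STRICT = r"^[^,]+,(uid=[^,]+,ou=People,dc=mydomain,dc=com)$"

# Constructed sample DNs.
OWNER = "uid=sean,ou=People,dc=mydomain,dc=com"
OTHER = "uid=bob,ou=People,dc=mydomain,dc=com"
CONTACT = "cn=Alice Example,uid=sean,ou=People,dc=mydomain,dc=com"


def parent_rule_applies(target_dn):
    """True if the first People rule (attr=children) selects this entry."""
    return re.search(PARENT_RULE, target_dn, re.IGNORECASE) is not None


def child_write_allowed(target_dn, bound_dn, rule=CHILD_RULE, exact_who=False):
    """Model `access to dn=<rule> by dn="$1" write by * none`.

    Returns (allowed, expansion of $1). With exact_who=False the expanded
    "$1" is itself searched for inside the bound DN (unanchored); with
    exact_who=True the bound DN must equal it.
    """
    m = re.search(rule, target_dn, re.IGNORECASE)
    if m is None:
        return False, None  # rule does not select this entry at all
    who = m.group(1)
    if exact_who:
        allowed = bound_dn.lower() == who.lower()
    else:
        allowed = re.search(who, bound_dn, re.IGNORECASE) is not None
    return allowed, who


if __name__ == "__main__":
    for target, bound in [(CONTACT, OWNER), (CONTACT, OTHER),
                          (OWNER, OWNER), (CONTACT, CONTACT)]:
        loose = child_write_allowed(target, bound)
        strict = child_write_allowed(target, bound, CHILD_RULE_STRICT, True)
        print(f"target={target!r}\n  bound={bound!r}\n"
              f"  as posted: {loose}\n  anchored:  {strict}")
    print("parent rule also selects the contact entry:",
          parent_rule_applies(CONTACT))
```

In this model the `(OWNER, OWNER)` row shows that the second rule never selects the parent entry itself, which is why the separate `attr=children` rule is needed. The `(CONTACT, CONTACT)` row shows that an unanchored `$1` match also accepts any bound DN that merely contains the owner's DN.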



