Re: [Evolution] LDAP contact updates?
- From: Sean Millichamp <sean compu-aid net>
- To: Chris Toshok <toshok ximian com>
- Cc: evolution lists ximian com
- Subject: Re: [Evolution] LDAP contact updates?
- Date: 08 Apr 2003 17:42:57 -0400
On Mon, 2003-04-07 at 21:45, Chris Toshok wrote:
2) the subschema query failed for some reason. If this is the case
you'll also see the following text in the contact view: "Double-click
here to create a new Contact."
That did it. I was missing read access on the subschema query. I
didn't even know such a thing existed or how it was named in the
directory. Thanks _very_ much for both the subschema suggestion and the
wombat tip. It helped me track it down relatively quickly.
For the archives, here is what I needed to make it go with OpenLDAP
v2.0.27. Select parts from my slapd.conf needed to implement the
private LDAP based address books:
# This allows read access to the root DSE which seems to be required for
# many things
access to dn="" by * read
# This allows read access to the subschema query. I don't think that
# allowing unauthenticated users is any sort of a security problem
access to dn="cn=Subschema" by * read
# This allows write access to the "children" attribute of the parent DN
# This is required to add and delete records
access to dn="uid=.*,ou=People,dc=mydomain,dc=com" attr=children
by self write
by * none
# This allows write access to the children DN to the parent DN
# This is not the same as the line above and is at least required
# to update information with a contact record
# I suspect that it is required for adds/deletes too but I didn't test
access to dn=".*,(uid=.*,ou=People,dc=mydomain,dc=com)"
by dn="$1" write
by * none
I believe that all to be correct but I am not an LDAP expert so if
anyone sees any flaws please feel free to correct. In any case, it
works for me :)
Chris, thank you for your speedy and helpful reply.
Sean Millichamp <sean compu-aid net>
] [Thread Prev