Hallo,
ich teste gerade das neue LDAP-Adressbuch und die User/Gruppen. Die
User- Gruppenverwaltung klappt prima, nur das Adressbuch zickt noch rum.
Wenn ich den Dialog zum einfügen eines neuen Kontaktes aufrufe, erhalte
ich folgende Fehlermeldung:
— snip —
Warning: Invalid argument supplied for foreach() in
/srv/www/htdocs/egroupware-test/addressbook/inc/class.uicontacts.inc.php
on line 810
— snap —
Wenn ich dann versuche einen Kontakt zu speichern, erhalte ich folgende
Fehlermeldung:
— snip —
Fehler beim Speichern des Kontakts !!! Object class violation: so_ldap: 470
— snap —
Ist mir da bei der Konfiguration ein Fehler unterlaufen?
Zur Kontrolle mal meine LDAP-Konfiguration:
Mein LDAP-Tree:
— snip — # de
dn: dc=de
objectClass: top
objectClass: dcObject
objectClass: organization
l: Berlin
st: Berlin
o: reventix GmbH
dc: de
reventix, de
dn: o=reventix,dc=de
objectClass: top
objectClass: organization
l: Berlin
st: Berlin
o: reventix
root, reventix, de
dn: cn=root,dc=de
objectClass: organizationalRole
cn: root
users, reventix, de
dn: ou=users,o=reventix,dc=de
objectClass: top
objectClass: organizationalUnit
ou: users
groups, reventix, de
dn: ou=groups,o=reventix,dc=de
objectClass: top
objectClass: organizationalUnit
ou: groups
contacts, reventix, de
dn: ou=contacts,o=reventix,dc=de
objectClass: top
objectClass: organizationalUnit
ou: contacts
— snap —
Meine slapd.conf:
— snip —
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/evolutionperson.schema
include /etc/openldap/schema/mozillaAbPersonAlpha.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to attr=userPassword,userPKCS12
by self write
by * auth
access to attr=shadowLastChange
by self write
by * read
include /etc/openldap/eGW_ACL_Addressbook.conf
access to *
by * read
database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=de"
rootdn "cn=root,dc=de"
rootpw {SSHA}<PASSWORT_HASH>
directory /var/lib/ldap
index objectClass eq
— snap —
Die ACL-Konfiguration habe ich natürlich an meine LDAP Konfiguration
angepasst:
— snip — # Access to users personal addressbooks
allow read of addressbook by owner and egwadmin account
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=de$"
attrs=entry
by dn.regex=“uid=$1,ou=users,o=$2,dc=de” read
by dn.regex=“cn=egwadmin,o=$2,dc=de” write
by users none
allow user to create entries in own addressbook; no-one else can access it # needs write access to the entries ENTRY attribute …
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=de$"
attrs=children
by dn.regex=“uid=$1,ou=users,o=$2,dc=de” write
by users none
… and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=de$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by dn.regex=“uid=$1,ou=users,o=$2,dc=de” write
by users none
Access to groups addressbooks
allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=de$"
attrs=entry
by group.expand=“cn=$1,ou=groups,o=$2,dc=de” read
by dn.regex=“cn=egwadmin,o=$2,dc=de” write
by users none
allow members to create entries in there group addressbooks; no-one
else can access it # needs write access to the entries ENTRY attribute …
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=de$"
attrs=children
by group.expand=“cn=$1,ou=groups,o=$2,dc=de” write
by users none
… and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=de$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by group.expand=“cn=$1,ou=groups,o=$2,dc=de” write
by users none
— snap —
Viele Grüße
Bastian
Virus checked by G DATA AntiVirusKit
Version: AVK 16.7886 from 14.06.2006
Virus news: www.antiviruslab.com
egroupware-german mailing list
egroupware-german@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-german
