[Date Prev][Date Next] [Chronological] [Thread] [Top]


This syntax corrects the issue:


The described behavior is not the same as that in practice. It appears
all rights not explicitly granted are implicitly denied, resulting in
every "by aci" directive ending necessarily in a stop, regardless of
whether the subject is matched by DN and/or group membership. A
non-matched subject results in no-access to [entry]. 

Granting access to [all] implies [entry], but granting access only to
attributes does not imply [entry]. I think that granting r to any
attribute should imply granting r to [entry], but I expect there are
reasons for the current interpretation.