This syntax corrects the issue:


The described behavior is not the same as that in practice. It appears
all rights not explicitly granted are implicitly denied, resulting in
every "by aci" directive ending necessarily in a stop, regardless of
whether the subject is matched by DN and/or group membership. A
non-matched subject results in no access to [entry].

Granting access to [all] implies [entry], but granting access only to
attributes does not imply [entry]. I think that granting r to any
attribute should imply granting r to [entry], but I expect there are
reasons for the current interpretation.