[Date Prev][Date Next] [Chronological] [Thread] [Top]

acl's and the userpassword field

I'm trying restrict searches so that the userpassword entry is not
readable by users who are not self or rootdn

here are my acl's
defaultaccess   read
access  to dn=".*, dc=phy,dc=duke,dc=edu"  attr=userpassword
        by self         write
        by dn="cn=managaer, dc=phy,dc=duke,dc=edu" write
        by *            compare

does this make any sense?
it seemed consistent - I've toggled the by * compare to none but no luck