[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL Question

--On Friday, January 30, 2009 4:42 PM -0800 Tim Gustafson <tjg@soe.ucsc.edu> wrote:


I have the following in my slapd.conf:

access to dn.subtree="cn=log"

However, anyone (even unbound anonymous users) can access cn=log without
any problems.  I don't want anyone but ldap-admins to be able to access
this subtree.

I'm thinking that I must be missing something really simple here.  Am I
doing something wrong?  Any help is greatly appreciated.

What are your other acls? ACLs are applied as they are reached, so if a previous ACL allows access to cn=log, this one will never get evaluated.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration