[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: set ACL specification/syntax

On Fri, Mar 6, 2009 at 4:45 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> Which ACL is "This ACL"?

access to dn.subtree="ou=group,dc=mydomain"
    by set="this/cn & user/uid" write

> Have you turned on acl level debugging to see what exactly is occurring when
> you go to do operations?

Yes, and it is falling right past the above acl and hitting the
catchall for the top of the directory for * read.

> Also, what OpenLDAP release are you using?

Heh, OpenLDAP 2.4.11. Old I know, I've been meaning to go back to a
stable 2.3 for some time, but 2.4.x had certain fixes for the
translucent overlay that I needed, which I don't need anymore.