[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL Issues

I am attempting to be very granular in the access that I give to my directory, but I seem to be struggling with the implementation.

I have several proxy accounts that I want to grant the access to that they need, no more, no less.  But I seem to have to put a line in like:

access to dn.children="dc=company,dc=com" by * read in order to authenticate.  What I thought I wanted was something like this:

access to attrs=userPassword
	by dn.exact=proxy,dc=company,dc=com write
	by self write
	by anonymous auth

But without read access above, it does not work.  How can I allow proxy users/groups access w/out granting read access to everyone?  Or does the dn.children allow read access to all attributes?