> Now I did try it out and think I found a solution to your problem: > > access to dn.children="ou=users,dc=test,dc=com" > filter="(objectClass=radiusprofile)" > by dn=cn=radius,ou=sa,dc=test,dc=com read > by users read > > access to dn.children="ou=users,dc=test,dc=com" > by dn=cn=radius,ou=sa,dc=test,dc=com none > by users read > > access to dn.base="ou=users,dc=test,dc=com" > by users read > > Does this work for you? hi peter, the acl statements you provided are working. deploying them in our productive environment requires rewriting plenty of the existing acls. due to the risks associated with messing with the acls unfortunately I'll have to postpone the modifications to the time between christmas and new year's. nevertheless thank you for your effort on finding a solution to my problem. cheers, marvin
Attachment:
smime.p7s
Description: S/MIME cryptographic signature