Am Tue, 16 Oct 2018 15:51:50 +0200
schrieb Lirien Maxime <maxime.lirien@gmail.com>:
Hi all,
thanks for reading.
I have a "supervision" account on all my ldap servers. With the plugin
nagios , it check the synchro. I would like this account read only
contextcsn to check synchro. And only contextcsn not the other
entries. (plugin check nagios).
Can someone help me to write the right ACL ?
Here what I tried but not really right :-/
# ContextCSN
access to dn.subtree="dc=fr" attrs=contextCSN
by dn.subtree="cn=supervision,ou=Comptes Clients,dc=fr" read
by * none
access to dn.base=dc=fr
attrs=entry,children,contextCSN read