Simone Taliercio wrote: > access to * > by self write > by anonymous auth > by users search > > The only way to workaround that issue is removing any ACL or leaving "by users > read".
Looking at the ACL above you likely run into a misunderstanding.
You should carefully read slapd.access(5). Especially the very important
section "THE ACCESS DIRECTIVE" describes significance of order of <what> and
<who> clauses and that the checking stops at the first matching <what> and
<who> clause (if control flow is not explicitly redirected).
Given the example above you might rather want this:
access to *
by self write
by users search
by * auth
YMMV.
Also it's very handy to run slapd -d stats,acl [..other params..] to get ACL
debugging displayed on console.
Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
