However attributes of cn=test,ou=People,dc=example,dc=com are not
working.
Anyone there?
-----Original Message-----
To: openldap-technical
Subject: RE: Acl attribute access
I had to add objectClass to Dan's example to get this to work. Not sure
if this is the correct approach though.
access to dn.subtree="ou=People,dc=example,dc=com"
    attrs="entry,uid,cn,sn,mail,mailHost"
    by dn="cn=outsourced_ironport,dc=example,dc=com" read
    by * break
[1] https://www.openldap.org/faq/data/cache/429.html
-----Original Message-----
To: openldap-technical
Subject: Acl attribute access
If I have this acl:
to dn="[email protected],ou=eeee,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local"
    by ssf=64 dn.exact="uid=acctest,ou=ffff,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local" read
I can access with this ldap search:
ldapsearch -LLL -W -s sub \
    -b "[email protected],ou=eeee,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local" \
    -D "uid=acctest,ou=ffff,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local" \
    -H ldaps://ldap.local sendmailMTAKey
If I change the acl to
to dn="[email protected],ou=eeee,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local" attrs="sendmailMTAKey"
    by ssf=64 dn.exact="uid=acctest,ou=ffff,ou=ddddd,ou=ccccc,dc=bbbbb,dc=aaaaa,dc=local" read
The ldapsearch is not returning any object. How to resolve this?
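
Added illustration, not part of the original thread and not slapd's own code: a simplified Python model of the per-attribute checks that slapd.access(5) describes for a search. It shows why the entry disappears once the rule is limited to attrs="sendmailMTAKey" and why listing entry and objectClass as well brings it back. The DNs, attribute values, ssf=256 and the assumption that no other ACL grants this bind DN anything are constructed for the example.

```python
# Simplified model of slapd access checks for a search (added illustration, not slapd code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def access(rules, who_dn, ssf, entry_dn, attr):
    """Level granted on one attribute: first matching 'access to', then first matching 'by'."""
    for target_dn, attrs, by_clauses in rules:
        if target_dn != entry_dn or (attrs is not None and attr not in attrs):
            continue  # this rule does not cover the attribute; try the next rule
        for by_dn, min_ssf, level in by_clauses:
            if by_dn == who_dn and ssf >= min_ssf:
                return level
        return "none"  # implicit "by * none" closes every access clause
    return "none"      # no rule matched: implicit deny once any ACL is defined

def allowed(rules, who_dn, ssf, entry_dn, attr, need):
    return LEVELS.index(access(rules, who_dn, ssf, entry_dn, attr)) >= LEVELS.index(need)

def search(rules, who_dn, ssf, entry_dn, entry, filter_attr, requested):
    """Return the attributes a search would send back, or None if the entry is withheld."""
    if not allowed(rules, who_dn, ssf, entry_dn, filter_attr, "search"):
        return None  # filter cannot be evaluated, so the entry never matches
    if not allowed(rules, who_dn, ssf, entry_dn, "entry", "read"):
        return None  # no read on the "entry" pseudo-attribute: entry is not returned
    return {a: entry[a] for a in requested
            if a in entry and allowed(rules, who_dn, ssf, entry_dn, a, "read")}

# Constructed sample data (placeholder DNs, not the ones from the thread).
TARGET = "cn=relay,ou=mta,dc=example,dc=com"
BINDER = "uid=acctest,ou=svc,dc=example,dc=com"
ENTRY = {"objectClass": ["sendmailMTA"], "sendmailMTAKey": ["k1"], "description": ["x"]}
BY = [(BINDER, 64, "read")]  # models: by ssf=64 dn.exact="<BINDER>" read

def run(attrs, ssf=256):
    # ssf=256 stands in for an ldaps:// connection; the filter attribute is
    # objectClass because ldapsearch defaults to (objectClass=*).
    return search([(TARGET, attrs, BY)], BINDER, ssf, TARGET, ENTRY,
                  "objectClass", ["sendmailMTAKey"])

if __name__ == "__main__":
    print(run(None))                                       # rule without attrs=
    print(run(["sendmailMTAKey"]))                         # rule from the question
    print(run(["entry", "objectClass", "sendmailMTAKey"])) # entry + filter attr added
```

In the model, attrs="entry,sendmailMTAKey" alone still returns nothing for the default filter, which matches the reply's remark about having to add objectClass.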