Hmm, I am not too familiar with the ACLs. I have solved
it now by duplicating the by lines to the other section,
something like this:
{5} access to dn.subtree="ou=People,dc=example,dc=com"
    attrs="entry,uid,cn,sn,mail,mailHost"
    by dn="cn=outsourced_ironport,dc=example,dc=com" read
    by dn="cn=outsourced_bla,dc=example,dc=com" read
{6} access to dn.subtree="ou=People,dc=example,dc=com"
    by dn="cn=outsourced_bla,dc=example,dc=com" read
But I am not too pleased with this solution either. I had to
create a new account and save the password on a client,
while user account DNs are available there, and they should
access these 'own' attributes.
https://www.mail-archive.com/[email protected]/msg25113.html
-----Original Message-----
To: openldap-technical
Subject: Re: Now combining acl attribute access with regular access fails
You are confusing “continue” with “break”.
> On Aug 31, 2020, at 9:22 AM, Marc Roos <[email protected]> wrote:
>
>
> Now I have that either works, but not both. Reversing these rules also
> does not work (with keeping the continue at 5)
>
> {5} access to dn.subtree="ou=People,dc=example,dc=com"
>     by dn="cn=outsourced_bla,dc=example,dc=com" read
>     by * continue
> {6} access to dn.subtree="ou=People,dc=example,dc=com"
>     attrs="entry,uid,cn,sn,mail,mailHost"
>     by dn="cn=outsourced_ironport,dc=example,dc=com" read
>
> Any help possible?
>
//
John Pfeifer
Division of Information Technology
University of Maryland, College Park
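
Added example (not part of the original messages and not OpenLDAP code): a simplified Python model of how slapd walks access directives, showing why "by * continue" in {5} never reaches {6} while "by * break" does. The build/evaluate helpers and the uid=jdoe entry are constructed for illustration; privilege accumulation and other who/target forms are not modelled.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Modelled: dn.subtree targets, optional attrs lists, exact-DN or "*" who
# clauses, and the stop / continue / break controls. Privilege accumulation
# across continue/break is NOT modelled.

PEOPLE = "ou=People,dc=example,dc=com"
BLA = "cn=outsourced_bla,dc=example,dc=com"
IRONPORT = "cn=outsourced_ironport,dc=example,dc=com"
ATTRS = ["entry", "uid", "cn", "sn", "mail", "mailHost"]
ENTRY = "uid=jdoe," + PEOPLE  # constructed sample entry


def build(control):
    """Rules {5} and {6} from the quoted message; control is the keyword used on 'by *'."""
    return [
        (PEOPLE, None, [(BLA, "read", "stop"), ("*", None, control)]),
        (PEOPLE, ATTRS, [(IRONPORT, "read", "stop")]),
    ]


def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def evaluate(acl, bind_dn, entry_dn, attr):
    """Return the access level this model grants bind_dn on entry_dn's attr."""
    for base, attrs, by_clauses in acl:
        if not in_subtree(entry_dn, base):
            continue  # target does not match this directive
        if attrs is not None and attr.lower() not in [a.lower() for a in attrs]:
            continue  # attribute not covered by this directive
        for who, level, control in by_clauses:
            if who != "*" and who.lower() != bind_dn.lower():
                continue  # this 'by' clause does not match the client
            if control == "stop":
                return level or "none"
            if control == "break":
                break  # move on to the next matching access directive
            # control == "continue": keep checking later 'by' clauses here
        else:
            return "none"  # ran out of 'by' clauses: implicit "by * none stop"
    return "none"  # no directive granted anything


if __name__ == "__main__":
    for ctl in ("continue", "break"):
        print(ctl, evaluate(build(ctl), IRONPORT, ENTRY, "mail"))
```

With "break" the ironport account still gets nothing for attributes outside the {6} attrs list, so the fallthrough does not widen its access.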