--On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal <[email protected]> wrote:

Hello,

I have a production ldap with some acl set. For historical reasons the
synchronization is done with the root dn, which is bad. I want to add a
user to perform synchronization; it must have the right to read
everything.

Is the acl:
access to * by  dn.exact=<somedn>  break
added in first position enough to read everything (even attributes that
have been limited on some other acl) AND not break the current
configuration?


Generally what you would want is:

access to * by dn.exact=<somedn>
           by * break

So that only this ACL applies to somedn, and ACL processing for everything else continues as it did before.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
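
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, comparing the ACL from the question with the one from the reply when each is placed first. The DNs, the existing rules, the explicit read level on the reply's clause, and the treatment of a level-less break clause as "grant nothing, move to the next directive" are assumptions made for the illustration.

```python
# Simplified model of slapd ACL evaluation (illustration only, not OpenLDAP code).
SYNC = "cn=sync,dc=example,dc=com"    # constructed DN standing in for <somedn>
USER = "uid=alice,dc=example,dc=com"  # constructed ordinary user

# Constructed existing rules: (what, [(who, level, control), ...])
EXISTING = [
    ("userPassword", [("self", "write", "stop"), ("anonymous", "auth", "stop")]),
    ("*", [("*", "read", "stop")]),
]
# ACL from the question, added in first position.
ASKED = [("*", [(SYNC, None, "break")])] + EXISTING
# ACL from the reply, added in first position (read level is an assumption).
REPLIED = [("*", [(SYNC, "read", "stop"), ("*", None, "break")])] + EXISTING

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    if who == "anonymous":
        return bind_dn is None
    return who == bind_dn  # dn.exact comparison

def access(acls, bind_dn, entry_dn, attr):
    """Return the level granted to bind_dn on attr of entry_dn."""
    for what, clauses in acls:
        if what not in ("*", attr):
            continue  # directive does not cover this attribute
        for who, level, control in clauses:
            if not who_matches(who, bind_dn, entry_dn):
                continue
            if control == "break":
                break         # leave this directive, try the next one
            return level      # "stop": evaluation ends here
        else:
            return "none"     # implicit trailing "by * none stop"
    return "none"             # implicit final "access to * by * none"

if __name__ == "__main__":
    for name, acls in (("existing", EXISTING), ("asked", ASKED), ("replied", REPLIED)):
        print(name,
              "user/cn:", access(acls, USER, USER, "cn"),
              "user/own userPassword:", access(acls, USER, USER, "userPassword"),
              "sync/userPassword:", access(acls, SYNC, USER, "userPassword"))
```

In this model the question's form locks every other identity out at the first directive's implicit "by * none", while the reply's form leaves their results identical to the existing rules.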
