Hello,

Thanks for the correction, I understand better now.
And then another question: there is no <access> keyword in the acl. Does it mean that the default value is read? The man page is not clear about it (or I have not read it correctly).

f.g.

> On 4 March 2021 at 17:52, Quanah Gibson-Mount <[email protected]> wrote:
>
> --On Thursday, March 4, 2021 5:44 PM +0100 Frédéric Goudal <[email protected]> wrote:
>
>> Hello,
>>
>> I have a production ldap with some acl set. For historical reasons the
>> synchronization is done with the root dn, which is bad. I want to add a
>> user to perform synchronization; it must have the right to read
>> everything.
>>
>> Is the acl:
>> access to * by dn.exact=<somedn> break
>> added in first position enough to read everything (even attributes that
>> have been limited on some other acl) AND not break the current
>> configuration?
>
> Generally what you would want is:
>
> access to * by dn.exact=<somedn>
>    by * break
>
> So that only this ACL applies to somedn, and ACL processing for everything
> else continues as it did before.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
