olcAccess: {0} to dn.exact=""
by * read
olcAccess: {1} to dn.exact="cn=Subschema"
by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange
by ssf=256 self read
by ssf=256 anonymous auth
by * none break
...
olcAccess: {7} to dn.subtree="xxxxxx" filter=(objectClass=posixAccount) attrs=
by ssf=64 dn.exact="yyyy" read
by * break
olcAccess: {8} to dn.subtree="xxxxxx"
by ssf=256 dn.exact="yyyy" search
by ssf=256 self read
by anonymous
is there not a syntax or so for attrs=-userPassword
Or am I approaching this incorrectly?
