according to the openldap admin guide, giving access to attributes
with attrs="bla" is not enough. you have to define to which entries
the access rule applies.

try this acl:

    access to "dn=.*" attrs=userPassword
        by self write
        by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write
        by anonymous auth
        by * none

tom.

On Fri, 2002-02-15 at 00:28, Christine Robertson wrote:
> Greetings all,
> We are running OpenLDAP 2.0.19 (the port to FreeBSD), and
> I seem to have broken my ACL for the userPassword attribute. The
> ACL is:
>     access to attrs=userPassword
>         by self write
>         by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write
>         by anonymous auth
>         by * none
>
> but I cannot see the attribute with ldapsearch binding either as
> the entry itself or as the root DN.
>
> Any thoughts on why would be much appreciated.
>
> --Chris Robertson
> Corinthian Engineering, Sydney, Australia

--
Thomas Hager                  | "Microsoft is not the answer.
Technical Product Development |  Microsoft is the question.
thomas.hager@1012surf.net     |  NO is the answer."
http://www.telering.at        |  Erik Naggum.