According to the OpenLDAP admin guide, giving access to attributes with
attrs="bla" is not enough. You have to define which entries the
access rule applies to.
Try this ACL:
access to "dn=.*" attrs=userPassword
    by self write
    by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com" write
    by anonymous auth
    by * none
tom.
On Fri, 2002-02-15 at 00:28, Christine Robertson wrote:
> Greetings all,
> We are running OpenLDAP 2.0.19 (the port to FreeBSD), and
> I seem to have broken my ACL for the userPassword attribute. The
> ACL is:
> access to attrs=userPassword
> by self write
> by dn="uid=.*,ou=CIAdmin,dc=..,dc=cordoors,dc=com write
> by anonymous auth
> by * none
>
> but I cannot see the attribute with ldapsearch binding either as
> the entry itself or as the root DN.
>
> Any thoughts on why would be much appreciated.
>
> --Chris Robertson
> Corinthian Engineering, Sydney, Australia
--
Thomas Hager | "Microsoft is not the answer.
Technical Product Development | Microsoft is the question.
thomas.hager@1012surf.net | NO is the answer."
http://www.telering.at | Erik Naggum.