At 10:33 PM 6/16/2006, Manilal K M wrote:
>Hello all,
> I have an openldap implementation with a number of domains. Now I
>need to grant access permission to the Global Address Book of two
>domains. For example my first domain is alpha and second domain is
>beta. I want to share the Global Address Book of alpha with beta and
>vice versa. I have made a simple configuration in
>/etc/openldap/slapd.conf. Here is the acl:
>
>access to dn.regex="ou=Global Address Book,o=alpha,o=com,c=US"
> by dn.regex="uid=(.+),ou=People,o=beta,o=com,c=US" read
> by * none
>access to dn.regex="ou=Global Address Book,o=beta,o=com,c=US"
> by dn.regex="uid=(.+),ou=People,o=alpha,o=com,c=US" read
> by * none
For any target entry matching the above, only the above
apply. The "by * none" sees to that.