--On Thursday, September 21, 2006 12:13 AM -0700 Howard Chu <hyc@symas.com> wrote:
Rob Tanner wrote:On 09/20/2006 01:57 PM, Quanah Gibson-Mount wrote:
access to dn.subtree="ou=classlists,o=linfield.edu" by dnattr=owner write access to dn.subtree="ou=classlists,o=linfield.edu" attrs=uniquemember,owner by * none access to dn.subtree="ou=classlists,o=linfield.edu" by * read
This gets me half way to my goal. With the first ACL in place and logging in as an owner (my DN in the owner attribute), I can see all the nodes immediately beneath "ou=classlists,o=linfield.edu", but I cannot see objects beneath them.
The above was wrong anyway. It should have been:
Actually, the above was not wrong. Your ACL's are more concise, but lose some of the detail.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/