[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's and write permission.



summarising your post - heres your "active" ACL's by the looks:

access to dn.base="cn=Subschema"
       by * read
access to attrs=userPKCS12
       by self write
       by * auth
access to attrs=shadowLastChange
       by self write
       by * read
access to attrs=userPassword
       by dn="cn=admin,dc=sub,dc=domain,dc=xyz,dc=xy" write
       by anonymous    auth
       by self         write
       by *            none
access to dn.base=""
       by * read
access to *
       by dn="cn=admin,dc=sub,dc=domain,dc=xyz,dc=xy" write
       by * read
access to dn="ou=moodleusers,dc=sub,dc=domain,dc=xyz,dc=xy"
       by dn="uid=usuariomoodle-admin,dc=sub,dc=domain,dc=xyz,dc=xy" write

The rule for "usuariomoodle-admin" is inaccessable. As ACL's are only
processed until a match is found you can never get to this rule - the
preceeding rule says give read to * so the ACL will always stop there
if it hasn't been already caught by one of the others. Simple move
that last access rule above the access to * on and you should get
things moving in the right direction.

Shane.