Howard Chu wrote: > Jan-Piet Mens wrote: >>> access to dn.subtree="ou=people,dc=example,dc=com" >>> attrs=@entryAccessEntities >>> >>> but strangely this ALSO changes the privileges for the objectClass >>> attribute of the entry! >> >> I can confirm that's happening here with same OpenLDAP version. I've >> been banging my head all afternoon trying to find my own typo... > > Don't inherit from top. This does not work for standard STRUCTURAL object classes. Hmm, another work-around could be to place an appropriate ACL for attribute 'objectClass' before the ACL using @objectClassName catching all possible access right cases. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature