[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attrs=@objectClassName affects objectClass attribute



Howard Chu wrote:
> Jan-Piet Mens wrote:
>>> access to dn.subtree="ou=people,dc=example,dc=com"
>>> attrs=@entryAccessEntities
>>>
>>> but strangely this ALSO changes the privileges for the objectClass
>>> attribute of the entry!
>>
>> I can confirm that's happening here with same OpenLDAP version. I've
>> been banging my head all afternoon trying to find my own typo...
> 
> Don't inherit from top.

This does not work for standard STRUCTURAL object classes.

Hmm, another work-around could be to place an appropriate ACL for attribute
'objectClass' before the ACL using @objectClassName catching all possible
access right cases.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature