
Re: Openldap - ldap user can't add entry: Insufficient access (no write access to parent)



Hi,

According to http://www.openldap.org/lists/openldap-technical/201509/msg00133.html:

The {3} rule is never used because {2} matches everything (to * by * read). Nobody has write privilege except rootdn (cn=admin,dc=mydomain,dc=com) who, by the way, does not need an explicit configuration for that.

Cheers.

On 18/10/2015 10:40, Ervin Hegedüs wrote:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
  s auth by dn="cn=admin,dc=mydomain,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=mydomain,dc=com" write by * read
olcAccess: {3}to dn.subtree="ou=public,ou=rcabook,dc=mydomain,dc=com" by users writ
  e
olcLastMod: TRUE
...

Which privileges do I need to add so that all users can add
entries to the subtree?

Thanks,

a.



--
*Abdelhamid Meddeb*
http://www.meddeb.net
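
The first-match behaviour described in the reply, as an added example that is not part of the original thread: a simplified Python model of how slapd consults only the first olcAccess rule whose target matches, run over the four rules quoted above. The reordered list, the sample bind DN and the helper names are assumptions made for the illustration.

```python
import re

# The four olcAccess values quoted on this page, with LDIF line folding undone.
RULES = [
    'to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=mydomain,dc=com" write by * none',
    'to dn.base="" by * read',
    'to * by dn="cn=admin,dc=mydomain,dc=com" write by * read',
    'to dn.subtree="ou=public,ou=rcabook,dc=mydomain,dc=com" by users write',
]
# Assumed fix (not from the thread): the specific subtree rule moved ahead of the catch-all.
REORDERED = RULES[:2] + [RULES[3], RULES[2]]

def what_matches(what, dn, attr):
    """Simplified <what> matching: *, attrs=, dn.base=, dn.subtree= only."""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr in what[len("attrs="):].split(",")
    m = re.fullmatch(r'dn\.(base|subtree)="(.*)"', what)
    if not m:
        raise ValueError("unsupported <what>: " + what)
    base, dn = m.group(2).lower(), dn.lower()
    if m.group(1) == "base":
        return dn == base
    return dn == base or dn.endswith("," + base)

def who_matches(who, bind_dn, target_dn):
    """Simplified <who> matching: *, anonymous, users, self, dn="..." only."""
    bind, m = bind_dn.lower(), re.fullmatch(r'dn="(.*)"', who)
    if m:
        return bind == m.group(1).lower()
    return {"*": True, "anonymous": bind == "", "users": bind != "",
            "self": bind != "" and bind == target_dn.lower()}[who]

def evaluate(rules, bind_dn, target_dn, attr):
    """Return (rule index, access). Only the first rule whose <what> matches is consulted."""
    for i, rule in enumerate(rules):
        what, *by = re.split(r"\s+by\s+", rule[len("to "):])
        if what_matches(what, target_dn, attr):
            for clause in by:
                who, access = clause.rsplit(" ", 1)
                if who_matches(who, bind_dn, target_dn):
                    return i, access
            return i, "none"  # every rule ends with an implicit "by * none"
    return None, "none"

if __name__ == "__main__":
    user = "uid=someuser,ou=people,dc=mydomain,dc=com"  # constructed bind DN
    parent = "ou=public,ou=rcabook,dc=mydomain,dc=com"
    print(evaluate(RULES, user, parent, "children"), evaluate(REORDERED, user, parent, "children"))
```

With the reordered list, the subtree rule falls through to the implicit `by * none`, so an anonymous bind no longer gets read access under ou=public unless a `by * read` clause is appended to that rule.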
