Hi!

Maybe I'm doing something obviously wrong, but I don't see it.

I want to limit the right to reset a counter value solely to zero with this ACL directive:

    add_content_acl yes
    [..]
    access to
        dn.subtree="ou=ae-dir"
        filter="(aeStatus=0)"
        attrs=oathHOTPCounter
        val/integerMatch="0"
      by group/aeGroup/member="cn=2fa admins,cn=2fa,ou=ae-dir" write
      by * break
    [..]

The modify request looks like this (old value is 10):

    dn: serialNumber=yubikey-23,cn=2fa,ou=ae-dir
    changetype: modify
    replace: oathHOTPCounter
    oathHOTPCounter: 0
    -

It seems the ACL does not trigger. Without the val= part the modification is allowed (but to any value).

I also tried other forms:

    val="0"
    val=0
    val.regex="^0$"

Can somebody help me? Thanks in advance.

Ciao, Michael.