Hi all,

I'm confused about ACI and need some help from the experts....


I want to create an ACI for read only access to a certain branch of my
LDAP tree. Therefor I created the following ACI



(targetattr = "userPassword || uid") (target =
"ldap:///ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de") (version
3.0;acl "read only";allow (read)(userdn =
"ldap:///uid=ro_user,ou=Special Users,dc=eurodata,dc=de")


But when I am authenticated with user ro_user, I got information which
are outside the branch ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de


What I'm doing wrong???

Thanks

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

On 02/14/2012 12:17 AM, Walter Neu wrote:
Hi
all,




I'm confused about ACI and need some help from the experts....






I want to create an ACI for read only access to a certain branch
of my LDAP tree. Therefor I created the following ACI






(targetattr = "userPassword || uid") (target =
"ldap:///ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de") (version
3.0;acl "read only";allow (read)(userdn =
"ldap:///uid=ro_user,ou=Special Users,dc=eurodata,dc=de")




But when I am authenticated with user ro_user, I got information
which are outside the branch
ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de




What I'm doing wrong???



In which entry did you set this aci?




Thanks






--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users