Hi, Thanks for your help: the set clause you gave me works. happy :-) Still, if you don't mind, I have one more question about the paragraph, below, you wrote in your last mail:
Pierangelo Masarati a écrit : > Of course, the user needs to have "search" access to the entry, the > attributes and values that are used in the filter... in your case, to > attrs entry, objectClass and groupesTravail of the user object. Can you precise what you mean by the word *user* in «the *user* which needs to have "search" access ...» Because with this as my last rule: > access to * > by dn.exact="cn=adminLDAP,dc=domain" write > by users read > by anonymous search everything is fine. whereas after this small modification on the anonymous user: > access to * > by dn.exact="cn=adminLDAP,dc=domain" write > by users read > by anonymous auth it fails. I don't understand :-( On http://www.openldap.org/faq/data/cache/1133.html, it is written: > The base "user" refers to the directory object for the currently > connected user (the identity the <by> clause is testing access rights for). so, why do I have to give search privileges to the "anonymous" user ? probably I am misunderstanding something. Would you mind to explain ? thanks. -- Fabrice Eudes -o) Clé PGP 88AC3A66 /\\ Utilisateur Linux n°245401 _\_V Tel 09 50 77 73 78 Fax 09 55 77 73 78 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ phpldapadmin-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
