Hi Mark,
I have a test instance of 389-ds running on a vm. I’ve tried updating the aci
like this:
dn: cn=mapping tree,cn=config
changetype: modify
replace: aci
aci: (targetattr = "cn || nsuniqueid || createtimestamp || description ||
entryusn || modify
timestamp || nsds50ruv || MORE STUFF)(targetfilter =
"(|(objectclass=nsds5Replic
a)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationA
greement)(objectClass=nsMappingTree)(objectClass=nsTombstone))")(version
3.0;acl "permission:Read Repl
ication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Re
plication Agreements,cn=permissions,cn=pbac,dc=MYREALM,dc=net”;)
But still executing the command below produces no output. Executing the command
as admin does work:
ldapsearch -h localhost -LLL -x -D
'uid=ipamonitor,cn=users,cn=accounts,dc=sgerasenko,dc=net' -w PWD
'(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectClass=nsTombstone))’
nsds50ruv
I’ve verified that “ipamonitor" does have "Read Replication Agreements"
assigned.
Any ideas what could be missing?
Thanks,
Sergei
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/MCJ7KRVAYEKGFDZJ2K5EE5HYSPAYGCEF/
