On 1/20/11 10:05 AM, "Rob Crittenden" <[email protected]> wrote: >Simo Sorce wrote: >> On Wed, 19 Jan 2011 17:51:56 -0500 >> Rob Crittenden<[email protected]> wrote: >> >>> +aci: (targetattr = "member || memberOf || memberHost || >>> memberUser")(version 3.0; acl "No anonymous access to member >>> information"; deny (read,search,compare) userdn != "ldap:///all";;) >> >> Nack, without 'member', nss_ldap will have no way to determine >> posixAccount group memberships using anonymous access (the default). >> >> Simo. >> > >Ok, dropped member and added an aci for cn=roles. > >rob >_______________________________________________ >Freeipa-devel mailing list >[email protected] >https://www.redhat.com/mailman/listinfo/freeipa-devel
ACK _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
