Quanah Gibson-Mount wrote:
--On Thursday, September 21, 2006 12:13 AM -0700 Howard Chu
<[EMAIL PROTECTED]> wrote:
Rob Tanner wrote:
On 09/20/2006 01:57 PM, Quanah Gibson-Mount wrote:
access to dn.subtree="ou=classlists,o=linfield.edu"
    by dnattr=owner write
access to dn.subtree="ou=classlists,o=linfield.edu"
    attrs=uniquemember,owner
    by * none
access to dn.subtree="ou=classlists,o=linfield.edu"
    by * read
This gets me halfway to my goal. With the first ACL in place and
logging in as an owner (my DN in the owner attribute), I can see all the
nodes immediately beneath "ou=classlists,o=linfield.edu", but I cannot
see objects beneath them.
The above was wrong anyway. It should have been:
Actually, the above was not wrong. Your ACLs are more concise, but
lose some of the detail.
No, unless you use a "break" on the first access clause, it will prevent
the other two from having any effect.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
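
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the evaluation order discussed above, run over the three access clauses as posted and over the same list with "by * break" appended to the first clause. The sample entry, the requester DNs and all function names are constructed for illustration; only the "stop" and "break" controls are modelled, and DN comparison is a plain string match.

```python
# Added illustration: simplified model of slapd access-clause evaluation.
# Not OpenLDAP code. Only the "stop" and "break" controls are modelled.
BASE = "ou=classlists,o=linfield.edu"
# Constructed sample entry and requester DNs (not from the thread).
ENTRY = {"dn": "cn=bio101," + BASE, "owner": ["uid=prof,o=linfield.edu"]}
OWNER, OTHER = "uid=prof,o=linfield.edu", "uid=student,o=linfield.edu"

# Each clause: (subtree base, attrs or None for all, [(who, level, control)])
POSTED = [
    (BASE, None, [("dnattr=owner", "write", "stop")]),
    (BASE, ["uniquemember", "owner"], [("*", "none", "stop")]),
    (BASE, None, [("*", "read", "stop")]),
]
# Same list with "by * break" appended to the first clause.
WITH_BREAK = [(BASE, None, POSTED[0][2] + [("*", None, "break")])] + POSTED[1:]

def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def who_matches(who, requester, entry):
    if who == "*":
        return True
    if who.startswith("dnattr="):
        # Requester must be listed in the named DN-valued attribute.
        return requester in entry.get(who.split("=", 1)[1], [])
    return False

def evaluate(acl, requester, entry, attr):
    """Return (access level, index of the deciding clause or None)."""
    for i, (base, attrs, bys) in enumerate(acl):
        if not in_subtree(entry["dn"], base):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level, control in bys:
            if who_matches(who, requester, entry):
                if control == "break":
                    break            # fall through to the next matching clause
                return level, i      # "stop": this clause decides
        else:
            return "none", i         # implicit trailing "by * none stop"
    return "none", None              # no clause matched: access denied

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with break", WITH_BREAK)):
        for who in (OWNER, OTHER):
            for attr in ("cn", "uniquemember"):
                print(name, who, attr, evaluate(acl, who, ENTRY, attr))
```

In the model, a non-owner's request is decided by clause 0 of the posted list with "none", so clauses 1 and 2 are never consulted; with the break added, the same request reaches them.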