>>> 2/ How can I hide my transitional LDAP suffix in the rootDSE ?
[...] > 8<-------- > access to dn.exact="" > attrs=namingContexts val/distinguishedNameMatch="o=example transitional" > by * none > access to dn.base="" by * read > 8<-------- > > The first should match when namingContexts are listed. But it doesn't, I > have read access on all values. I have inverted all ACLs, tried to apply > different scopes or more restrictive rights with some break/continue > controls, etc. [...] > Any idea ? Maybe I got it. I read the manpage of slapd.access : "Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval> specifies access to a particular value of a single attribute. *In this case, only a single attribute type may be given*. [...]" So, I tried with the single-value configContext attribute, and it works! So, I can not apply this rule on namingContexts because it contains multiple values ? Thomas. -- Thomas Chemineau Groupe LINAGORA - http://www.linagora.com Tél.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29
