This is the first ACL in the file.
Tim Gustafson SOE Webmaster UC Santa Cruz [email protected] 831-459-5354 -----Original Message----- From: Quanah Gibson-Mount <[email protected]> Date: Fri, 30 Jan 2009 17:24:47 To: Tim Gustafson<[email protected]>; <[email protected]> Subject: Re: ACL Question --On Friday, January 30, 2009 4:42 PM -0800 Tim Gustafson <[email protected]> wrote: > Hi, > > I have the following in my slapd.conf: > > access to dn.subtree="cn=log" > by > group/groupOfNames/Member="cn=ldap-admins,ou=Group,dc=soe,dc=ucsc,dc=edu" > read > > However, anyone (even unbound anonymous users) can access cn=log without > any problems. I don't want anyone but ldap-admins to be able to access > this subtree. > > I'm thinking that I must be missing something really simple here. Am I > doing something wrong? Any help is greatly appreciated. What are your other acls? ACLs are applied as they are reached, so if a previous ACL allows access to cn=log, this one will never get evaluated. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
