--On Friday, March 06, 2009 4:10 PM -0500 Andrew Cobaugh <[email protected]> wrote:

> Weird, this isn't matching:
>
> access to dn.children="ou=group,dc=mydoman"
>     by set="this/cn & user/uid" write
>
> Instead, it's falling through to the "by * read" entry at the top of the
> tree.
>
> It doesn't even look like it's trying to match against that ACL, actually.

As documented, ACLs are evaluated in the order they are hit. So if you have a by * read at the top of your ACLs, then of course nothing after that will be evaluated.

I suggest you closely read slapd-access(5).

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
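
An added example, not part of the original thread: the ordering issue discussed above written out as slapd.conf ACLs, with the shadowed layout beside a corrected one. The group rule and suffix are taken from the post; the `by * read` line inside the group rule, the config path, and the DNs and attribute in the slapacl comment are assumptions.

```conf
# Added example (not from the original thread): slapd.conf ACL ordering.
# slapd applies the first "access to <what>" clause whose <what> matches the
# target entry, then the first "by <who>" inside it that matches the requester.

# --- Shadowed layout (the situation described in the post), commented out ---
# "access to *" matches every entry, so the group rule after it is never
# consulted and every requester ends up with read only.
#
# access to *
#     by * read
#
# access to dn.children="ou=group,dc=mydoman"
#     by set="this/cn & user/uid" write

# --- Corrected layout: most specific <what> first, catch-all last ---
# The set matches when the group entry's cn equals the bound user's uid.
# Assumption: everyone else should still be able to read the groups. Without
# the "by * read" line this clause ends in an implicit "by * none".
access to dn.children="ou=group,dc=mydoman"
    by set="this/cn & user/uid" write
    by * read

access to *
    by * read

# Verify the effective access offline with slapacl(8).
# Path, DNs and attribute below are constructed for illustration:
#   slapacl -f /etc/openldap/slapd.conf \
#       -D "uid=jdoe,ou=people,dc=mydoman" \
#       -b "cn=jdoe,ou=group,dc=mydoman" "memberUid/write"
```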