Sorry for the top posting. IIUC, your ACL permits search (are there any entries of the type in question, in terms of the search filter?) to any authenticated user. If the user is also a member of the group, it also grants read privilege (give me the entries of the type in question).
Regards

2012/8/4, Dora Paula <[email protected]>:
> Hi list,
>
> just a short question about "continue" and additive privileges, given
> the following acl statement:
>
> access to dn.subtree="o=test" attrs=sn
>     by users =s continue
>     by group/groupOfNames/member="cn=readers,ou=groups,o=test" +r
>
> If the current user's bindDn isn't a member of the group
> "cn=readers,..." or the group's entry does not exist, the previously set
> privilege "=s" will be reset to "none"?
>
> As the slapd.access man page just gives a "silly" and an "even more
> silly" example regarding "continue" I'm not sure this is the intended
> behavior.
>
> Attached you'll find my minimalistic testbed:
> slapd.conf
> sample ldif data
> two ldapsearch commands (including their slapd.log level 128)
>
> I'm using openldap MASTER.
>
> Thank you very much.
>
> Cheers
> Dora
>

--
Sent from my mobile device
