Hi Quanah, On Mon, Oct 16, 2017 at 07:58:45AM -0700, Quanah Gibson-Mount wrote: > --On Monday, October 16, 2017 5:55 PM +0200 Ervin Hegedüs > <[email protected]> wrote: > > > >without any real testing, I'm afraid that the rule{0} gives the > >write access to cn=groupabcadmin to _all_ db, not just the ou=ABC > >Cumstomer subtree. > > > >Em I right? > > Hm, yes, that's correct. You'll need to do something like utilize by * > break appropriately, or have multiple "access to userPassword" ACLs by > group, then a catchall after that.
I'm sorry - could you give me an example? I just started to use the LDAP acl since few days... :) I don't belive that this need is generated first time, but I don't found any example, or case-study. Thanks again, a.
