--On Wednesday, August 2, 2023 2:13 PM +0000 Marc <m...@f1-outsourcing.eu>
wrote:
a) ACLs are contextual
I am just appending this to an existing 'standard' type of acl
to dn.subtree="dc=local"
filter=(|(objectClass=sendmailMTAClass)(objectClass=sendmailMTA)) by
ssf=64 dn.exact="cn=cron,dc=local" read
I will repeat that ACLs are contextual. Providing a single ACL w/o the
entire set of ACLs in use for context is not useful. You could enable ACL
level debugging with slapd to see what permissions are being sought during
the search to discover why it no longer returns any objects. Since your
filter breaks it, clearly your search requires access to more than those
two objectClasses.
As an aside, (&(objectClass=*)) should just be shortened to (objectClass=*).
--Quanah
