@Nathan: yes, rereading the slapd.access manpage I think you're right,
the first match will define level of access:
<<Access control checking stops at the first match of the <what> and
<who> clause, unless otherwise dictated by the <control> clause.>>
Also, given that:
<<Each <who> clause list is implicitly terminated by a "by * none stop" clause
that results in stopping the access control with no access privileges
granted>>
I think the right way is to completely replace the existing olcAccess: {0} line
by
olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage break
and remove the new olcAccess: {1} line.
I'll file a new bug about this.
--
slapd package configuration aborts due to "ordered_value_sort failed on attr
olcAccess" error during Hardy -> Lucid upgrade
https://bugs.launchpad.net/bugs/538516
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
