Hi all,
I'm running openldap-2.3.43 on gentoo amd64.
Shouldn't give the following access directive members of ou=People,dc=foo,dc=bar selfread permissions to attrs=member and all others (eg. the bind user cn=ldapbind,ou=dsa,dc=foo,dc=bar) unlimited read permissions?
access to dn.subtree="ou=Group,dc=foo,dc=bar" attrs=member by dn.children="ou=People,dc=foo,dc=bar" selfread by * read
Selfread works only if i restrict * to none, but that's not what i want. 'by * read' is not what i want at least but it simplifies the example.
access to dn.subtree="ou=Group,dc=foo,dc=bar" attrs=member by dn.children="ou=People,dc=foo,dc=bar" selfread by * none
It should expand to 'by dn.children="ou=People,dc=foo,dc=bar" selfread stop' but it seems to continue.
What's wrong?
Regards Christian