On Fri, Mar 6, 2009 at 4:45 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
Which ACL is "This ACL"?
access to dn.subtree="ou=group,dc=mydomain"
by set="this/cn & user/uid" write
Have you turned on acl level debugging to see what exactly is
occurring when
you go to do operations?
Yes, and it is falling right past the above acl and hitting the
catchall for the top of the directory for * read.
Also, what OpenLDAP release are you using?
Heh, OpenLDAP 2.4.11. Old I know, I've been meaning to go back to a
stable 2.3 for some time, but 2.4.x had certain fixes for the
translucent overlay that I needed, which I don't need anymore.
--andy