--On Friday, March 06, 2009 4:10 PM -0500 Andrew Cobaugh
Weird, this isn't matching:
access to dn.children="ou=group,dc=mydoman"
by set="this/cn & user/uid" write
Instead, it's falling through to the "by * read" entry at the top of the
It doesn't even look like it's trying to match against that ACL, actually.
As documented, ACLs are evaluated in the order they are hit. So if you
have a by * read at the top of your ACLs, then of course nothing after that
will be evaluated.
I suggest you closely read slapd-access(5).
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration