2/ How can I hide my transitional LDAP suffix in the rootDSE ?
[...]
8<-------- access to dn.exact="" attrs=namingContexts val/distinguishedNameMatch="o=example transitional" by * none access to dn.base="" by * read 8<--------
The first should match when namingContexts are listed. But it doesn't, I have read access on all values. I have inverted all ACLs, tried to apply different scopes or more restrictive rights with some break/continue controls, etc.
[...]
Any idea ?
Maybe I got it. I read the manpage of slapd.access :
"Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval> specifies access to a particular value of a single attribute. *In this case, only a single attribute type may be given*. [...]"
So, I tried with the single-value configContext attribute, and it works! So, I can not apply this rule on namingContexts because it contains multiple values ?
Thomas.
openldap-software@openldap.org