This is the first ACL in the file.
Tim Gustafson
SOE Webmaster
UC Santa Cruz
tjg(a)soe.ucsc.edu
831-459-5354
-----Original Message-----
From: Quanah Gibson-Mount <quanah(a)zimbra.com>
Date: Fri, 30 Jan 2009 17:24:47
To: Tim Gustafson<tjg(a)soe.ucsc.edu>; <openldap-software(a)openldap.org>
Subject: Re: ACL Question
--On Friday, January 30, 2009 4:42 PM -0800 Tim Gustafson <tjg(a)soe.ucsc.edu> wrote:
Hi,
I have the following in my slapd.conf:
    access to dn.subtree="cn=log"
        by group/groupOfNames/Member="cn=ldap-admins,ou=Group,dc=soe,dc=ucsc,dc=edu" read
However, anyone (even unbound anonymous users) can access cn=log without
any problems. I don't want anyone but ldap-admins to be able to access
this subtree.
I'm thinking that I must be missing something really simple here. Am I
doing something wrong? Any help is greatly appreciated.
What are your other acls? ACLs are applied as they are reached, so if a
previous ACL allows access to cn=log, this one will never get evaluated.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
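
The evaluation order Quanah describes, as an added example that is not part of either message: a simplified Python model of slapd's first-match ACL selection, showing which rule decides access to an entry under cn=log. The broad rule, the log entry DN and the admin account are constructed for illustration; attribute lists, regex scopes and the break/continue controls are not modelled.

```python
# Added example: simplified model of slapd's first-match ACL selection.
# Not modelled: attribute lists, regex scopes, "break"/"continue" control,
# escaped commas in DNs.

ADMINS = "cn=ldap-admins,ou=Group,dc=soe,dc=ucsc,dc=edu"  # group DN from the thread

def norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def what_matches(scope, base, entry_dn):
    """Does the <what> part of a rule select this entry?"""
    if scope == "*":
        return True
    entry, base = norm(entry_dn), norm(base)
    if scope == "dn.subtree":
        return entry == base or entry.endswith("," + base)
    if scope == "dn.base":
        return entry == base
    raise ValueError("unsupported scope: " + scope)

def who_matches(who, client):
    """client is None for an anonymous bind, else a dict with 'dn' and 'groups'."""
    if who == "*":
        return True
    if who == "anonymous":
        return client is None
    if who == "users":
        return client is not None
    if who.startswith("group:"):
        return client is not None and norm(who[6:]) in {norm(g) for g in client["groups"]}
    raise ValueError("unsupported who: " + who)

def decide(acls, entry_dn, client):
    """Return (index of the deciding rule, access level) for one entry."""
    for i, (scope, base, by_clauses) in enumerate(acls):
        if not what_matches(scope, base, entry_dn):
            continue
        for who, level in by_clauses:
            if who_matches(who, client):
                return i, level
        return i, "none"       # implicit "by * none" ends every rule
    return None, "none"        # implicit "access to * by * none" ends the list

LOG_RULE = ("dn.subtree", "cn=log", [("group:" + ADMINS, "read")])
OPEN_RULE = ("*", None, [("*", "read")])              # constructed broad rule
LOG_ENTRY = "reqStart=20090130172447.000000Z,cn=log"  # constructed entry DN
ADMIN = {"dn": "uid=admin1,ou=People,dc=soe,dc=ucsc,dc=edu", "groups": [ADMINS]}

if __name__ == "__main__":
    print(decide([OPEN_RULE, LOG_RULE], LOG_ENTRY, None))   # broad rule first
    print(decide([LOG_RULE, OPEN_RULE], LOG_ENTRY, None))   # specific rule first
    print(decide([LOG_RULE, OPEN_RULE], LOG_ENTRY, ADMIN))  # group member
```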