Sent: Thu May 24 2012 07:38:35 GMT-0400 (EDT) From: Turbo Fredriksson turbo@bayour.com To: openldap-technical@openldap.org Subject: Re: dn.exact vs dn.base
[sorry, should have gone to the list]
On Thu, 24 May 2012 14:02:28 +0300, Nick Milas wrote:
access to dn.base="ou=system,dc=example,dc=com" by dn.exact="uid=userx,ou=people,dc=example,dc=com" write
This gives 'uid=userx,...' access to 'ou=system,...' _and everything below it_.
access to dn.exact="ou=system,dc=example,dc=com" by dn.base="uid=userx,ou=people,dc=example,dc=com" write
While this is the opposite - it gives 'uid=userx,...' and any objects below this (not much point in this exact example :) to ONLY the base object 'ou=system,...'.
Your'e thinking of dn.subtree. dn.base only applies to the specific entry.