On 25/5/2012 6:59 μμ, Nick Milas wrote:
You mean that if we use a <what> statement without an "attrs=" clause, then it affects children and entry pseudo-attributes as well? And what if there is a filter specified too (still without an "attrs=" clause)?
From some research I did (e.g.: http://www.openldap.org/faq/data/cache/1140.html), I don't see cases of implicit change (meant as described above) of entry and children pseudo-attributes.
In case we would like an ACL statement to include all attributes *plus* the pseudo-attributes, then we should explicitly specify, for example:
access to dn.subtree="ou=people,dc=example,dc=com" attrs="@extensibleObject,children,entry" by dn.exact="uid=admin,ou=people,dc=example,dc=com" write ...
If anyone has more details on this, I would appreciate your feecback.
Regards, Nick