Hi list,
just a short question about "continue" and additive privileges, given the following acl statement:
access to dn.subtree="o=test" attrs=sn by users =s continue by group/groupOfNames/member="cn=readers,ou=groups,o=test" +r
If the current user's bindDn isn't a member of the group "cn=readers,..." or the group's entry does not exist, the previously set privilege "=s" will be reset to "none"?
As the slapd.access man page just gives a "silly" and an "even more silly" example regarding "continue" I'm not sure this is the intended behavior.
Attached you'll find my minimalistic testbed: slapd.conf sample ldif data two ldapsearch commands (including their slapd.log level 128)
I'm using openldap MASTER.
Thank you very much.
Cheers Dora