--On Thursday, June 09, 2011 5:45 PM -0500 Juan Diego Calle juandiego.calle@soportelibre.com wrote:
I added this to the slapd.conf, but it didn't work.
access to * by self write by users read by anonymous read by * none
access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
Please read the slapd.access(5) man page very carefully. ACLs are processed in the order that they match.
access to * by <...>
matches everything. Therefore the second ACL will never be processed.
You may want to make it something like
access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write by * break
access to * by self write by users read by anonymous read by * none
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration